
Re-authenticating a port manually, Setting the quiet period, Optional) – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual


Multi-Service IronWare Security Configuration Guide

53-1003035-02

Configuring 802.1x port security


The re-authentication interval is a global setting, applicable to all 802.1x-enabled interfaces. If you
want to re-authenticate clients connected to a specific port manually, use the dot1x re-authenticate
command. Refer to “Re-authenticating a port manually”.

Re-authenticating a port manually

When periodic re-authentication is enabled, by default the device re-authenticates clients
connected to an 802.1x-enabled interface every 3,600 seconds (or the time specified by the dot1x
timeout re-authperiod command). You can also manually re-authenticate clients connected to a
specific port.

For example, to re-authenticate clients connected to interface 3/1, enter the following command.

Brocade# dot1x re-authenticate e 3/1

Syntax: [no] dot1x re-authenticate portnum

Setting the quiet period

If the device is unable to authenticate the client, the device waits a specified amount of time before
trying again. The amount of time the device waits is specified with the quiet-period parameter. This
timer also indicates how long a client that failed authentication would have its blocked entry
programmed into the hardware. The quiet-period parameter can be from 0 – 4294967295
seconds. The default is 60 seconds.

For example, to set the quiet period to 30 seconds, enter the following command.

Brocade(config-dot1x)# timeout quiet-period 30

Syntax: [no] timeout quiet-period seconds

Setting the interval for retransmission of EAP-request or identity frames

When the device sends a client an EAP-request or identity frame, it expects to receive an
EAP-response or identity frame from the client. If the client does not send back an EAP-response or
identity frame, the device waits a specified amount of time and then retransmits the EAP-request
or identity frame. You can specify the amount of time the device waits before retransmitting the
EAP-request or identity frame to the client. This amount of time is specified with the tx-period
parameter. The tx-period parameter can be from 1 – 65535 seconds. The default is 30 seconds.

For example, to cause the device to wait 60 seconds before retransmitting an EAP-request or
identity frame to a client, enter the following command.

Brocade(config-dot1x)# timeout tx-period 60

Syntax: [no] timeout tx-period seconds

If the client does not send back an EAP-response or identity frame within 60 seconds, the device
will transmit another EAP-request or identity frame.
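
The following is an added example, not part of the Brocade guide: a small Python audit that replays timeout commands as entered at the config-dot1x prompt, checks them against the ranges given above, and reports the effective quiet-period and tx-period. The function and variable names are illustrative, the sample input is constructed, and it assumes the [no] form of a command restores the documented default.

```python
import re

# Ranges and defaults as stated in the section text above.
TIMERS = {
    "quiet-period": {"min": 0, "max": 4294967295, "default": 60},
    "tx-period": {"min": 1, "max": 65535, "default": 30},
}
# Optional CLI prompt, optional "no", then: timeout <name> [<seconds>]
CMD = re.compile(r"^(?:\S*#\s*)?(no\s+)?timeout\s+(\S+)(?:\s+(\S+))?$")

def effective_timers(lines):
    """Replay entered commands; return (effective values, findings)."""
    values = {name: spec["default"] for name, spec in TIMERS.items()}
    findings = []
    for n, raw in enumerate(lines, 1):
        m = CMD.match(raw.strip())
        if not m or m.group(2) not in TIMERS:
            continue  # not one of the two timers covered here
        negate, name, arg = m.groups()
        spec = TIMERS[name]
        if negate:
            values[name] = spec["default"]  # assumption: "no" restores default
        elif arg is None or not arg.isdecimal():
            findings.append((n, name, "missing or non-numeric seconds value"))
        elif not spec["min"] <= int(arg) <= spec["max"]:
            findings.append((n, name, f"{arg} outside {spec['min']}-{spec['max']}"))
        else:
            values[name] = int(arg)
    if values["quiet-period"] == 0:
        # Per the text above, the device then does not wait before retrying.
        findings.append((None, "quiet-period", "0 s: no wait after a failed authentication"))
    return values, findings

# Constructed sample input, not taken from a real device.
SAMPLE = [
    "Brocade(config-dot1x)# timeout quiet-period 30",
    "Brocade(config-dot1x)# timeout tx-period 60",
    "Brocade(config-dot1x)# timeout tx-period 0",         # below the minimum of 1
    "Brocade(config-dot1x)# no timeout quiet-period 30",  # back to the default
]

if __name__ == "__main__":
    values, findings = effective_timers(SAMPLE)
    print(values)
    for line_no, name, problem in findings:
        print(f"line {line_no}: {name}: {problem}")
```

Out-of-range and malformed values are reported and skipped by the audit, so the effective value shown is the last valid one entered.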