Specifying the radius timeout action – Brocade TurboIron 24X Series Configuration Guide User Manual
Brocade TurboIron 24X Series Configuration Guide
53-1003053-01
Configuring 802.1X port security
• Tunnel-Type (64) – RFC 2868
• Tunnel-Medium-Type (65) – RFC 2868
• EAP Message (79) – RFC 2579
• Message-Authenticator (80) – RFC 3579
• Tunnel-Private-Group-Id (81) – RFC 2868
• NAS-Port-id (87) – RFC 2869
Specifying the RADIUS timeout action
A RADIUS timeout occurs when the device does not receive a response from a RADIUS server
within a specified time limit and after a certain number of retries. The time limit and number of
retries can be manually configured using the CLI commands radius-server timeout and
radius-server retransmit, respectively. If the parameters are not manually configured, the device
applies the default time limit of three seconds with a maximum of three retries.
A pass essentially bypasses the authentication process and permits user access to the network. A
fail bypasses the authentication process and blocks user access to the network, unless
restrict-vlan is configured, in which case, the user is placed into a VLAN with restricted or limited
access. By default, the device resets the authentication process and tries again to authenticate the
user.
Specify the RADIUS timeout action at the Interface level of the CLI.
Permit user access to the network after a RADIUS timeout
To set the RADIUS timeout behavior to bypass 802.1X authentication and permit user access to the
network, enter commands such as the following:
TurboIron(config)#interface ethernet 1
TurboIron(config-if-e100-1)#dot1x auth-timeout-action success
Syntax: [no] dot1x auth-timeout-action success
Once the success timeout action is enabled, use the no form of the command to reset the RADIUS
timeout behavior to retry.
Re-authenticate a user
To configure RADIUS timeout behavior to bypass multi-device port authentication and permit user
access to the network, enter commands similar to the following:
TurboIron(config)#interface ethernet 1
TurboIron(config-if-e100-1)#dot1x re-auth-timeout-success 60
Syntax: [no] dot1x re-auth-timeout-success <seconds>
The <seconds> parameter specifies the number of seconds the device will wait to re-authenticate
a user after a timeout. The minimum value is 10 seconds. The maximum value is 2^16 - 1 (maximum
unsigned 16-bit value).
Deny user access to the network after a RADIUS timeout
To set the RADIUS timeout behavior to bypass 802.1X authentication and block user access to the
network, enter commands such as the following:
TurboIron(config)#interface ethernet 1
TurboIron(config-if-e100-1)#dot1x auth-timeout-action failure
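
Added example (not part of the Brocade manual): a Python check that reads a configuration listing and reports, per interface, ports where a RADIUS timeout permits access (auth-timeout-action success) and re-auth-timeout-success values outside the 10 to 2^16 - 1 range given above. The sample listing is constructed, and its "interface ... / !" block layout and the function name are assumptions.

```python
import re

# Constructed sample built from the commands on this page; the
# "interface ... / !" block layout is an assumption about the listing.
SAMPLE_CONFIG = """\
interface ethernet 1
 dot1x auth-timeout-action success
 dot1x re-auth-timeout-success 60
!
interface ethernet 2
 dot1x auth-timeout-action failure
!
interface ethernet 3
 dot1x auth-timeout-action success
 dot1x re-auth-timeout-success 5
!
interface ethernet 4
!
"""

REAUTH_MIN, REAUTH_MAX = 10, 2**16 - 1  # range stated in the manual
FAIL_OPEN = "fail-open: RADIUS timeout permits access without authentication"

def audit_timeout_actions(config_text):
    """Return {interface: [findings]} for 802.1X RADIUS timeout settings."""
    action, reauth, order = {}, {}, []
    current = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"interface ethernet (\S+)", line):
            current = m.group(1)
            order.append(current)
        elif line == "!":  # end of the interface block
            current = None
        elif current and (m := re.fullmatch(r"dot1x auth-timeout-action (success|failure)", line)):
            action[current] = m.group(1)
        elif current and (m := re.fullmatch(r"dot1x re-auth-timeout-success (\d+)", line)):
            reauth[current] = int(m.group(1))
    report = {}
    for port in order:
        findings = []
        if action.get(port) == "success":  # unset means the default: retry
            findings.append(FAIL_OPEN)
        if port in reauth and not REAUTH_MIN <= reauth[port] <= REAUTH_MAX:
            findings.append(f"re-auth-timeout-success {reauth[port]} out of range")
        report[port] = findings
    return report

if __name__ == "__main__":
    for port, findings in audit_timeout_actions(SAMPLE_CONFIG).items():
        print(f"ethernet {port}: {'; '.join(findings) or 'ok'}")
```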