Allied Telesis AT-S63 User Manual

Chapter 23: 802.1x Port-based Network Access Control

Section VI: Port Security

TX Period
Sets the number of seconds that the switch waits for a response to an
EAP-request/identity frame from the client before retransmitting the
request. The default value is 30 seconds. The range is 1 to 65,535
seconds.

Quiet Period
Sets the number of seconds that the port remains in the quiet state
following a failed authentication exchange with the client. The default
value is 60 seconds. The range is 0 to 65,535 seconds.

Reauth Enabled
Controls whether the client must periodically reauthenticate. The
default setting of enabled requires the client to periodically
reauthenticate. The time period between reauthentications is set with
the Reauth Period option. If this parameter is set to disabled, the client
is not required to reauthenticate after the initial authentication, unless
there is a change to the status of the link between the supplicant and
the switch or the switch is reset or power cycled. The options are
Enabled or Disabled. The default is Enabled.

Reauth Period
Specifies the time period in seconds between reauthentications of the
client when the Reauth Enabled option is set to Enabled. The default
value is 3600 seconds. The range is 1 to 65,535 seconds.

Supplicant Timeout
Sets the switch-to-client retransmission time for the EAP-request
frame. The default value for this parameter is 30 seconds. The range is
1 to 600 seconds.

Server Timeout
Sets the timer used by the switch to determine authentication server
timeout conditions. The default value for this parameter is 30 seconds.
The range is 1 to 600 seconds.

Control Direction
Specifies how the port handles ingress and egress broadcast and
multicast packets when in the unauthorized state. When a port is set to
the Authenticator role, it remains in the unauthorized state until the
client logs on by providing a username and password combination. In
the unauthorized state, the port only accepts EAP packets from the
client. All other ingress packets that the port might receive from the
client, including multicast and broadcast traffic, are discarded until the
supplicant has logged in. The options are:

Ingress - A port, when in the unauthorized state, discards all ingress
broadcast and multicast packets from the client, but forwards all
egress broadcast and multicast traffic to the same client.

Both - A port, when in the unauthorized state, does not forward ingress
or egress broadcast and multicast packets from or to the client until the
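
The following audit sketch is an added example, not part of the manual or of Allied Telesis software: it checks one port's authenticator settings against the ranges and defaults listed on this page and reports the settings whose documented behavior weakens port access control. The dictionary key names and both sample ports are assumptions made for the example; they are not AT-S63 keywords or output.

```python
# (min, max, default) in seconds, from the option descriptions on this page.
# Key names are hypothetical labels for this sketch, not AT-S63 CLI keywords.
RANGES = {
    "tx_period": (1, 65535, 30),
    "quiet_period": (0, 65535, 60),
    "reauth_period": (1, 65535, 3600),
    "supplicant_timeout": (1, 600, 30),
    "server_timeout": (1, 600, 30),
}

def audit_port(cfg):
    """Return a list of (severity, message) findings for one port's settings."""
    findings = []
    for key, (lo, hi, default) in RANGES.items():
        value = cfg.get(key, default)  # unset options fall back to the default
        if type(value) is not int or not lo <= value <= hi:
            findings.append(("error", f"{key}={value!r} outside {lo}-{hi}"))
    if cfg.get("reauth_enabled", True) is False:
        findings.append(("warn", "reauth disabled: client authenticates once, "
                         "until a link change or switch reset"))
    if cfg.get("quiet_period", 60) == 0:
        findings.append(("warn", "quiet_period=0: no quiet state after a "
                         "failed authentication"))
    direction = cfg.get("control_direction")
    if direction not in ("ingress", "both"):
        # No default is shown in this excerpt, so require an explicit value.
        findings.append(("error", f"control_direction={direction!r} is not ingress or both"))
    elif direction == "ingress":
        findings.append(("info", "ingress: egress broadcast/multicast is "
                         "forwarded to the client while unauthorized"))
    return findings

# Constructed sample inputs (not taken from a real switch).
WEAK_PORT = {"quiet_period": 0, "reauth_enabled": False,
             "supplicant_timeout": 900, "control_direction": "ingress"}
STRICT_PORT = {"reauth_period": 3600, "control_direction": "both"}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_PORT), ("strict", STRICT_PORT)):
        for severity, message in audit_port(cfg):
            print(f"{name}: [{severity}] {message}")
```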