Allied Telesis AT-S63 User Manual

Page 578

background image

Chapter 30: 802.1x Port-based Network Access Control

578

Section VIII: Port Security

disabled, the supplicant is not require to reauthenticate after the initial
authentication.

6 - Reauth Period
Specifies the time period in seconds between reauthentications of the
client when the Reauth. Enabled option is set to Enabled. The default
value is 3600 seconds. The range is 1 to 65,535 seconds.

7 - Supplicant Timeout
This parameter sets the switch-to-client retransmission time for the
EAP-request frame. The default value for this parameter is 30
seconds. The range is 1 to 600 seconds.

8 - Server Timeout
This parameter sets the timer used by the switch to determine
authentication server timeout conditions. The default value for this
parameter is 30 seconds. The range is 1 to 600 seconds.

9 - Max Requests
This parameter specifies the maximum number of times that the switch
retransmits an EAP Request packet to the client before it times out the
authentication session. The default value for this parameter is 2
retransmissions. The range is 1 to 10 retransmissions.

A - VLAN Assignment
This parameter controls whether an authenticator port uses the VLAN
assignments returned by a RADIUS server. Options are:

ˆ

Enabled: Specifies that the authenticator port is to use the VLAN
assignment returned by the RADIUS server when a supplicant logs
on. This is the default setting. The port automatically moves to the
designated VLAN after the supplicant successfully logs on.

ˆ

Disabled: Specifies that the authenticator port ignore any VLAN
assignment information returned by the RADIUS server when a
supplicant logs on. The authenticator port remains in its predefined
VLAN assignment even if the RADIUS server returns a VLAN
assignment when a supplicant logs on. This is the default setting.

B - Secure VLAN
This parameter controls the action of an authenticator port to
subsequent authentications after the initial authentication where VLAN
assignments have been added to the user accounts on the RADIUS
server. This parameter only applies when the port is operating in the
Multiple operating mode. Possible settings are:

ˆ

On: Specifies that only those supplicants with the same VLAN
assignment as the initial supplicant are authenticated. Supplicants
with a different or no VLAN assignment are denied entry to the
port. This is the default setting.

ˆ

Off: Specifies that all supplicants, regardless of their assigned
VLANs, are authenticated. However, the port remains in the VLAN