Setting the 802.1x authentication timeout timers – H3C Technologies H3C S6300 Series Switches User Manual
Page 88
73
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enter Layer 2 Ethernet
interface view.
interface interface-type
interface-number
N/A
3.
Set the maximum number of
concurrent 802.1X users on a
port.
dot1x max-user user-number
By default, the maximum
number of concurrent 802.1X
users on a port is 2048.
Setting the maximum number of authentication
request attempts
The network access device retransmits an authentication request if it receives no response to the request
it has sent to the client within a period of time (specified by using the dot1x timer tx-period
tx-period-value command or the dot1x timer supp-timeout supp-timeout-value command). The network
access device stops retransmitting the request if it has made the maximum number of request transmission
attempts but still receives no response.
To set the maximum number of authentication request attempts:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Set the maximum number of attempts for
sending an authentication request.
dot1x retry max-retry-value
The default setting is
2.
Setting the 802.1X authentication timeout timers
The network device uses the following 802.1X authentication timeout timers:
•
Client timeout timer—Starts when the access device sends an EAP-Request/MD5 Challenge packet
to a client. If no response is received when this timer expires, the access device retransmits the
request to the client.
•
Server timeout timer—Starts when the access device sends a RADIUS Access-Request packet to the
authentication server. If no response is received when this timer expires, the access device
retransmits the request to the server.
You can set the client timeout timer to a high value in a low-performance network and adjust the server
timeout timer to adapt to the performance of different authentication servers. In most cases, the default
settings are sufficient.
To set the 802.1X authentication timeout timers:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Set the client timeout
timer.
dot1x timer supp-timeout
supp-timeout-value
The default is 30 seconds.