beautypg.com

PLANET WGSD-8020 User Manual

Page 182

background image

User’s Manual of WGSD-8020

182

Period

reauthenticated. This is only active if the Reauthentication Enabled checkbox is

checked.

Valid values are in the range 1 to 3600 seconds.

EAP Timeout

Determines the time the switch shall wait for the supplicant response before

retransmitting a packet.

Valid values are in the range 1 to 255 seconds. This has no effect for MAC-based

ports.

Age Period

This setting applies to ports running

MAC-based authentication

, only

.

Suppose a client is connected to a 3rd party switch or hub, which in turn is

connected to a port on this switch that runs MAC-based authentication, and

suppose the client gets successfully authenticated.

Now assume that the client powers down his PC. What should make the switch

forget about the authenticated client? Reauthentication will not solve this

problem, since this doesn't require the client to be present, as discussed under

Reauthentication Enabled above. The solution is aging of authenticated clients.

The Age Period, which can be set to a number between 10 and 1000000

seconds, works like this: A timer is started when the client gets authenticated.

After half the age period, the switch starts looking for frames sent by the client. If

another half age period elapses and no frames are seen, the client is considered

removed from the system, and it will have to authenticate again the next time a

frame is seen from it. If, on the other hand, the client transmits a frame before the

second half of the age period expires, the switch will consider the client alive, and

leave it authenticated, and restart the age timer.

Hold Time

This setting applies to ports running MAC-based authentication, only.

If the RADIUS server denies a client access, or a RADIUS server request times

out (after 40 seconds with two retries), the client is put on hold in the

Unauthorized state. In this state, frames from the client will not cause the switch

to attempt to reauthenticate the client. The Hold Time, which can be set to a

number between 10 and 1000000 seconds, determines the time after an EAP

Failure indication or RADIUS timeout that a client is not allowed access.

See also other documents in the category PLANET Routers: