< Home

authentication timer re-authen

Function

The authentication timer re-authen command configures the interval for re-authenticating pre-connection users or users who fail authentication.

The undo authentication timer re-authen command restores the default setting.

By default, for wired users, the interval for re-authenticating pre-connection users or users who fail authentication is 60 seconds. For wireless users, the interval for re-authenticating users who fail authentication is 0 seconds. That is, the re-authentication function is disabled for users who fail authentication.

Format

authentication timer re-authen { pre-authen re-authen-time | authen-fail re-authen-time [ wlan-user ] }

undo authentication timer re-authen { pre-authen | authen-fail [ wlan-user ] }

Only S5730-HI, S5731-H, S5731S-H, S6730-H, S6730S-H, S5732-H, S6720-HI, and S5720-HI the wlan-user parameter.

Parameters

Parameter Description Value

pre-authen re-authen-time

Specifies the interval for re-authenticating pre-connection users.

The device cannot re-authenticate wireless pre-connection users. Therefore, this parameter is not supported for wireless users.

The value can be 0 or an integer in the range from 30 to 7200, in seconds.

The value 0 indicates that the re-authentication function is disabled for pre-connection users.

authen-fail re-authen-time

Specifies the interval for re-authenticating users who fail authentication.

The value can be 0 or an integer in the range from 30 to 7200, in seconds.

The value 0 indicates that the re-authentication function is disabled for users who fail authentication.

wlan-user

Indicates wireless users.

If this parameter is not specified, the user type is wired users.

-

Views

Authentication profile view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The device creates user entries when network access rights are assigned to pre-connection users or users who fail authentication. To enable users to pass authentication in real time, the device periodically re-authenticates pre-connection users or users who fail authentication according to user entries. Administrators can adjust the re-authentication interval based on the actual network requirements.

Precautions

This command applies only to 802.1X authentication and MAC address authentication.

This function takes effect only for users who go online after this function is successfully configured.

To reduce the impact on the device performance when many users exist, the user re-authentication interval may be longer than the configured re-authentication interval.

If a static user that has 802.1X authentication configured enters the pre-connection state after failing authentication, 802.1X authentication will be performed. During 802.1X authentication, the re-authentication interval specified by the pre-authen re-authen-time parameter does not take effect. If 802.1X authentication fails, the re-authentication interval takes effect, and re-authentication will be triggered for the static user based on this interval.

Example

# In the authentication profile authen1, set the interval for re-authenticating users who fail authentication to 300 seconds.

<HUAWEI> system-view
[HUAWEI] authentication-profile name authen1
[HUAWEI-authen-profile-authen1] authentication timer re-authen authen-fail 300
Parent Topic: NAC Configuration Commands (Unified Mode)
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >