The authentication event session-timeout command sets the timeout period of network access rights granted to users in different authentication stages.
The undo authentication event session-timeout command restores the default timeout period.
By default, the timeout period of network access rights granted to users is 15 minutes.
System view, Ethernet interface view, GE interface view, MultiGE interface view, XGE interface view, 25GE interface view, 40GE interface view, 100GE interface view, Eth-Trunk interface view
authentication event { pre-authen | authen-fail | authen-server-down | client-no-response } session-timeout session-time
undo authentication event { pre-authen | authen-fail | authen-server-down | client-no-response } session-timeout
VLANIF interface view
authentication event { pre-authen | authen-fail | authen-server-down } session-timeout session-time
undo authentication event { pre-authen | authen-fail | authen-server-down } session-timeout
| Parameter | Description | Value |
|---|---|---|
| pre-authen | Specifies the timeout period of the network access rights granted to users before authentication starts. |
- |
| authen-fail | Specifies the timeout period of the network access rights granted to users when authentication fails. |
- |
| authen-server-down | Specifies the timeout period of the network access rights granted to users when the authentication server does not respond. |
- |
| client-no-response | Specifies the timeout period of the network access rights granted to users when the 802.1X client does not respond. This parameter is only valid for 802.1X authentication. |
- |
| session-time | Specifies the value of timeout period. If the user still fails to be authenticated when the user aging time expires, the user entry is deleted. |
The value is an integer that ranges from 0 to 71581, in minutes. |
System view, VLANIF interface view, Ethernet interface view, GE interface view, MultiGE interface view, XGE interface view, 25GE interface view, 40GE interface view, 100GE interface view, Eth-Trunk interface view
Usage Scenario
After you run the authentication event command to grant the network access rights to users in different authentication stages, you can run the authentication event session-timeout command to specify the timeout period for the network access rights. Users can access the authorized resources within the timeout period, and will be forced to go offline after the timeout period expires.
If the aging time is set to 0, the network access rights granted to the user will not expire. To disconnect the user from the network, run the cut access-user command on the device or configure the authentication server to deliver an offline message to the user.
Precautions
The timeout period set in the VLANIF interface view is not applicable to 802.1X authentication.
If this command is only run in the system view, the configuration takes effect on all interfaces. If this command is run in both the system view and interface view, the configuration on interfaces takes precedence over the global configuration.
This function takes effect only for users who go online after this function is successfully configured.