(Optional) Configuring Timers for 802.1X Authentication
Context
During 802.1X authentication, multiple timers implement
systematic interactions between access users, access devices, and
the authentication server. You can change the values of timers by
running the dot1x
timer command to adjust the interaction process.
This command is necessary in special network environments. It is recommended
that you retain the default settings of the timers. You can configure
the following types of timers in 802.1X authentication:
- Client timeout timer (client-timeout): After sending an EAP-Request/MD5-Challenge request packet to the client, the device starts this timer. If the client does not respond within the period set by the timer, the device retransmits the packet.
- Authentication request timeout timer (tx-period): This timer defines two intervals. After sending an EAP-Request/Identity request packet to the client, the device starts the timer. If the client does not respond within the first interval set by the timer, the device retransmits the authentication request packet. The device multicasts the EAP-Request/Identity request packet at the second interval to detect the client that does not actively send the EAPoL-Start connection request packet for compatibility. The timer defines the interval for sending the multicast packet.
Procedure
- Run system-view
The system view is displayed.
- Run dot1x timer { client-timeout client-timeout-value | tx-period tx-period-value }
The 802.1X timers are configured.
By default, client-timeout is set to 5 seconds; tx-period is set to 30 seconds.
The client timeout timer, and the authentication request timeout timer are enabled by default.