Configuring the Interval for Sending 802.1X Authentication Requests

Context

The device starts the tx-period timer (specifying the interval for sending 802.1X authentication requests) in either of the following situations:

When a client initiates authentication, the device sends a unicast Request/Identity packet to the client and starts the tx-period timer. If the client does not respond within the period set by the timer, the device retransmits the authentication request.
To authenticate the 802.1X clients that cannot initiate authentication, the device periodically sends multicast Request/Identity packets through the 802.1X-enabled interface to the clients at the interval set by the tx-period timer.

If a request packet has been sent for the maximum number of times (configured using the dot1x retry max-retry-value command) and no response is received from the client, the device stops sending the request packet.

In Figure 1, the device sends an authentication failure packet to the client after the EAP-Request/Identity packet times out. Generally, if the client fails to be authenticated, the device starts a backup mechanism (Portal authentication or granting specified access permission), so that the client can continue to access the network. If MAC address bypass authentication is disabled, the value of the timeout timer for EAP-Request/Identity packets is calculated as follows:

Timer value = (max-retry-value + 1) x tx-period-value

If MAC address bypass authentication is enabled, the value of the timeout timer for EAP-Request/Identity packets is configured using the dot1x timer mac-bypass-delay delay-time-value command.

Timer value = delay-time-value

Figure 1 802.1X authentication timeout process

Procedure

Run system-view
The system view is displayed.
Run dot1x timer tx-period tx-period-value
The interval for sending 802.1X authentication requests is configured.

By default, the device sends 802.1X authentication requests at an interval of 30 seconds.