
dot1x retry

Function

The dot1x retry command configures the number of times an authentication request or handshake packet is retransmitted to an 802.1X user.

The undo dot1x retry command restores the default configuration.

By default, the device can retransmit an authentication request or handshake packet to an 802.1X user twice.

Format

dot1x retry max-retry-value

undo dot1x retry

Parameters

Parameter: max-retry-value

Description: Specifies the number of times an authentication request or handshake packet is retransmitted to an 802.1X user.

Value: The value is an integer that ranges from 1 to 10. By default, the device can retransmit an authentication request or handshake packet to an 802.1X user twice. The default value is recommended.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

If the device does not receive a response from a user within a specified time after sending an authentication request or handshake packet, it sends the packet again. If the packet has been retransmitted the maximum number of times and still no response is received, the user authentication or handshake fails. In this process, the total number of authentication requests or handshake packets sent by the device is max-retry-value plus 1.

  • After you run the dot1x retry command, the setting takes effect on all interfaces enabled with 802.1X authentication.
  • Repeated authentication requests occupy a lot of system resources. When using the dot1x retry command, set the maximum number of retransmissions according to user requirements and device resources. The default value is recommended.
  • The interval for sending authentication requests is set using the dot1x timer command. The interval for sending authentication requests to offline users is controlled by the tx-period and client-timeout timers, and the interval for sending authentication requests to online users is controlled by the handshake-period timer.
  • The dot1x retry command is used together with the guest VLAN function (for details, see authentication guest-vlan). If a user does not respond after the maximum number of retransmissions, the user is added to the guest VLAN so that the user can access resources in the guest VLAN without being authenticated.
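The guidelines above can be checked against saved configuration text with a short audit script. This is an added example, not Huawei code: the function name, the sample configuration, the 30-second interval and the assumption that one full interval elapses after every transmission are all illustrative.

```python
import re

DEFAULT_RETRY = 2            # page: default is two retransmissions
RETRY_RANGE = range(1, 11)   # page: integer from 1 to 10

RETRY_RE = re.compile(r"^\s*(undo\s+)?dot1x\s+retry(?:\s+(\S+))?\s*$")
GUEST_RE = re.compile(r"^\s*authentication\s+guest-vlan\b")


def audit_dot1x_retry(config_text, interval_s=None):
    """Report the effective retry count; interval_s is a caller-supplied wait."""
    retry, errors, guest_vlan = DEFAULT_RETRY, [], False
    for lineno, line in enumerate(config_text.splitlines(), 1):
        if GUEST_RE.match(line):
            guest_vlan = True          # silent users fall back to the guest VLAN
            continue
        m = RETRY_RE.match(line)
        if not m:
            continue
        undo, value = m.groups()
        if undo:
            retry = DEFAULT_RETRY      # undo restores the default
        elif value is None or not value.isdecimal() or int(value) not in RETRY_RANGE:
            errors.append(f"line {lineno}: invalid value {value!r} (allowed 1-10)")
        else:
            retry = int(value)         # assumption: the last command wins
    total = retry + 1                  # first packet plus retransmissions
    return {
        "retry": retry,
        "total_packets": total,
        "non_default": retry != DEFAULT_RETRY,
        "guest_vlan_fallback": guest_vlan,
        "seconds_to_failure": None if interval_s is None else total * interval_s,
        "errors": errors,
    }


# Constructed sample input, not taken from a real device.
SAMPLE = """\
dot1x retry 4
interface GigabitEthernet0/0/1
 authentication guest-vlan 10
"""

if __name__ == "__main__":
    print(audit_dot1x_retry(SAMPLE, interval_s=30))
```

A result with guest_vlan_fallback set to True means a client that never answers is placed in the guest VLAN unauthenticated after total_packets attempts, so the resources reachable from that VLAN deserve review alongside the retry value.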

Example

# Set the number of times an authentication request or handshake packet can be retransmitted to 802.1X users to 4.

<HUAWEI> system-view
[HUAWEI] dot1x retry 4
Copyright © Huawei Technologies Co., Ltd.