The dot1x retry command configures the number of times an authentication request or handshake packet is retransmitted to an 802.1X user.
The undo dot1x retry command restores the default configuration.
By default, the device can retransmit an authentication request or handshake packet to an 802.1X user twice.
Parameter | Description | Value |
---|---|---|
max-retry-value | Specifies the number of times an authentication request or handshake packet is retransmitted to an 802.1X user. | The value is an integer that ranges from 1 to 10. |
Usage Scenario
If the device does not receive a response from a user within a specified time after sending an authentication request or handshake packet, it sends the packet again. If the packet has been retransmitted the maximum number of times and no response has been received, the user authentication or handshake fails. In this process, the total number of authentication requests or handshake packets sent by the device is max-retry-value plus 1.
Precautions
Repeated authentication requests consume a lot of system resources. When using the dot1x retry command, set the maximum number of retransmissions according to user requirements and device resources. The default value is recommended.
The following table lists the intervals at which the device retransmits different types of packets and related commands.
Packet Type | Interval for Retransmitting Packets | Command |
---|---|---|
EAP-Request/Identity packet (MAC address bypass authentication is disabled) | tx-period-value | dot1x timer tx-period tx-period-value |
EAP-Request/Identity packet (MAC address bypass authentication is enabled) | Integer part of the value calculated using the following formula: delay-time-value/(max-retry-value + 1) | dot1x timer mac-bypass-delay delay-time-value |
EAP-Request/MD5 Challenge packet | client-timeout-value | dot1x timer client-timeout client-timeout-value |
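
The following Python example is added here and is not part of the original command reference. It parses the dot1x commands named above from a constructed configuration and computes, for each packet type, the retransmission interval, the number of packets sent (max-retry-value plus 1) and the send offsets. The function names, the sample values, the time unit (seconds) and the `fails_after` figure, which assumes the device waits one more interval after the last packet, are assumptions.

```python
import re

DEFAULT_MAX_RETRY = 2  # page: by default a packet is retransmitted twice
# Timer keyword -> packet type it paces (from the table above).
TIMERS = {
    "tx-period": "EAP-Request/Identity (MAC bypass disabled)",
    "mac-bypass-delay": "EAP-Request/Identity (MAC bypass enabled)",
    "client-timeout": "EAP-Request/MD5 Challenge",
}

def parse_dot1x(config):
    """Extract max-retry-value and timer values from dot1x command lines."""
    retry, timers = DEFAULT_MAX_RETRY, {}
    for line in config.splitlines():
        line = line.strip()
        if m := re.fullmatch(r"dot1x retry (\d+)", line):
            retry = int(m.group(1))
            if not 1 <= retry <= 10:
                raise ValueError(f"max-retry-value {retry} outside 1-10")
        elif line == "undo dot1x retry":
            retry = DEFAULT_MAX_RETRY
        elif m := re.fullmatch(r"dot1x timer (\S+) (\d+)", line):
            if m.group(1) in TIMERS:
                timers[m.group(1)] = int(m.group(2))
    return retry, timers

def retransmit_plan(retry, timers):
    """Per packet type: interval, packets sent, send offsets, failure time."""
    plan = {}
    for name, value in timers.items():
        # With MAC bypass enabled, the delay is divided across all sends.
        interval = value // (retry + 1) if name == "mac-bypass-delay" else value
        sent = retry + 1  # first transmission plus max-retry-value retransmissions
        # Assumption: failure is declared one interval after the last send.
        plan[TIMERS[name]] = {"interval": interval, "packets_sent": sent,
            "send_offsets": [i * interval for i in range(sent)], "fails_after": sent * interval}
    return plan

# Constructed sample configuration (values assumed to be seconds).
SAMPLE = """\
dot1x retry 3
dot1x timer tx-period 30
dot1x timer mac-bypass-delay 50
dot1x timer client-timeout 5
"""

if __name__ == "__main__":
    for pkt, row in retransmit_plan(*parse_dot1x(SAMPLE)).items():
        print(pkt, row)
```

With MAC address bypass enabled, the integer division means the sends can finish slightly before the configured delay elapses (48 rather than 50 in the sample).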