
dot1x timer

Function

The dot1x timer command sets values of timers used in 802.1X authentication.

The undo dot1x timer command restores the default settings of timers used in 802.1X authentication.

For the default settings of timers used in 802.1X authentication, see the table in "Parameters".

Format

dot1x timer { client-timeout client-timeout-value | handshake-period handshake-period-value | eth-trunk-access handshake-period handshake-period-value | quiet-period quiet-period-value | tx-period tx-period-value | mac-bypass-delay delay-time-value | free-ip-timeout free-ip-time-value }

undo dot1x timer { client-timeout | handshake-period | eth-trunk-access handshake-period | quiet-period | tx-period | mac-bypass-delay | free-ip-timeout }

Parameters

Parameter

Description

Value

client-timeout client-timeout-value

Specifies the timeout interval of the authentication response from the client. You are advised to set this parameter to 30 seconds.

NOTE:

On the network, some terminals may be slow to respond to EAP-Request/MD5 Challenge packets sent from the device. If the delay is long, you can increase client-timeout client-timeout-value so that these terminals can go online. The adjustment rule is as follows:

3 x client-timeout client-timeout-value > Terminal response delay

The value is an integer that ranges from 1 to 120, in seconds.

By default, the timeout interval of the authentication response from the client is 5 seconds.

handshake-period handshake-period-value

Specifies the handshake interval between the device and an 802.1X authentication client connected to a non-Eth-Trunk interface.

For details, see dot1x handshake.

The value is an integer that ranges from 5 to 7200, in seconds.

By default, the interval for sending handshake packets is 15 seconds.

eth-trunk-access handshake-period handshake-period-value

Specifies the handshake interval between the device and an 802.1X authentication client connected to an Eth-Trunk.

For details, see dot1x handshake.

The value is an integer that ranges from 30 to 7200, in seconds.

By default, the interval for sending handshake packets is 120 seconds.

quiet-period quiet-period-value

Specifies the quiet period.

For details, see dot1x quiet-period.

The value is an integer that ranges from 1 to 3600, in seconds.

By default, the quiet period of a user who fails authentication is 60 seconds.

tx-period tx-period-value

Specifies the interval for sending authentication requests.

The device starts the tx-period timer in either of the following situations:
  • When the client initiates authentication, the device sends a unicast Request/Identity request packet to the client and starts the tx-period timer. If the client does not respond within the period set by the timer, the device retransmits the authentication request packet.
  • To authenticate the 802.1X clients that cannot initiate authentication, the device sends multicast Request/Identity packets through the 802.1X-enabled interface to the clients at the interval set by the tx-period timer.

The value is an integer that ranges from 1 to 120, in seconds.

By default, the interval for sending authentication requests is 30 seconds.

mac-bypass-delay delay-time-value

Specifies the value of the delay timer for MAC address bypass authentication.

After MAC address bypass authentication is configured, the device performs 802.1X authentication and starts the delay timer for MAC address bypass authentication. If 802.1X authentication fails after the value of the delay timer is reached, the device performs MAC address bypass authentication.

The value is an integer that ranges from 1 to 300, in seconds.

By default, the value of the delay timer for MAC address bypass authentication is 30 seconds.

free-ip-timeout free-ip-time-value

Specifies the aging time of authentication-free user entries.

When the 802.1X free IP subnet is configured, the device creates authentication-free user entries after receiving ARP/DHCP packets from 802.1X users. If users go offline abnormally, the authentication-free user entries cannot be deleted. To prevent this problem, the aging time of authentication-free user entries can be configured.

The value is an integer that ranges from 0 to 71581, in minutes. The value 0 indicates that authentication-free user entries do not age.

By default, the value of the aging time for authentication-free user entries is 1380 minutes.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

During 802.1X authentication, multiple timers implement systematic interactions between access users, access devices, and the authentication server. You can change the values of the timers using the dot1x timer command to adjust the interaction process. (The values of some timers cannot be changed.) This command is necessary in special network environments. Generally, the default settings of the timers are recommended.
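The following is an added example, not part of the original page or of any Huawei tooling: a small Python check that reads dot1x timer lines from saved configuration text, compares each value with the ranges and defaults listed under "Parameters", and computes the smallest client-timeout that satisfies the 3 x client-timeout rule. The function names, the sample configuration, and the assumption that the input holds one command per line (optionally with a [HUAWEI]-style prompt) are constructed for illustration.

```python
import re

# (min, max, default, unit) per timer, copied from the Parameters section.
TIMERS = {
    "client-timeout": (1, 120, 5, "s"),
    "handshake-period": (5, 7200, 15, "s"),
    "eth-trunk-access handshake-period": (30, 7200, 120, "s"),
    "quiet-period": (1, 3600, 60, "s"),
    "tx-period": (1, 120, 30, "s"),
    "mac-bypass-delay": (1, 300, 30, "s"),
    "free-ip-timeout": (0, 71581, 1380, "min"),
}
# Longest keyword first so the two-word Eth-Trunk keyword is tried before the short ones.
_LINE = re.compile(
    r"^\s*(?:\[\S+\]\s*)?dot1x timer (%s) (\S+)\s*$"
    % "|".join(sorted(TIMERS, key=len, reverse=True)))

# Constructed sample configuration (assumption: one command per line).
SAMPLE = """\
dot1x timer client-timeout 90
dot1x timer eth-trunk-access handshake-period 20
dot1x timer quiet-period 60
dot1x timer free-ip-timeout 0
"""

def audit(config_text):
    """Return (timer, value, issue) for each dot1x timer line worth reviewing."""
    findings = []
    for line in config_text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue  # not a dot1x timer command (includes "undo dot1x timer ...")
        name, raw = m.groups()
        lo, hi, default, unit = TIMERS[name]
        if not raw.isdecimal() or not lo <= int(raw) <= hi:
            findings.append((name, raw, f"outside documented range {lo}-{hi} {unit}"))
        elif name == "free-ip-timeout" and int(raw) == 0:
            findings.append((name, raw, "authentication-free entries never age"))
        elif int(raw) != default:
            findings.append((name, raw, f"differs from default {default} {unit}"))
    return findings

def min_client_timeout(terminal_delay_s):
    """Smallest client-timeout with 3 x client-timeout > delay, or None if over 120."""
    lo, hi, _, _ = TIMERS["client-timeout"]
    value = max(lo, int(terminal_delay_s // 3) + 1)
    return value if value <= hi else None
```

Calling audit(SAMPLE) reports the changed client-timeout, the out-of-range Eth-Trunk handshake period, and the free-ip-timeout of 0; the quiet-period line matches its default and is not reported.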

Example

# Set the timeout interval of the authentication response from the client to 90s.

<HUAWEI> system-view
[HUAWEI] dot1x timer client-timeout 90
Copyright © Huawei Technologies Co., Ltd.