Quick Reference Guide
936 PowerConnect B-Series TI24X Configuration Guide
53-1002269-02
Configuring 802.1X port security
28
A pass essentially bypasses the authentication process and permits user access to the network. A
fail bypasses the authentication process and blocks user access to the network, unless
restrict-vlan is configured, in which case, the user is placed into a VLAN with restricted or limited
access. By default, the device will reset the authentication process and retry to authenticate the
user.
Specify the RADIUS timeout action at the Interface level of the CLI.
Permit user access to the network after a RADIUS timeout
To set the RADIUS timeout behavior to bypass 802.1X authentication and permit user access to the
network, enter commands such as the following
PowerConnect(config)# interface ethernet 1
PowerConnect(config-if-e100-1)# dot1x auth-timeout-action success
Syntax: [no] dot1x auth-timeout-action success
Once the success timeout action is enabled, use the no form of the command to reset the RADIUS
timeout behavior to retry.
Re-authenticate a user
To configure RADIUS timeout behavior to bypass multi-device port authentication and permit user
access to the network, enter commands similar to the following
PowerConnect(config)# interface ethernet 1
PowerConnect(config-if-e100-1)# dot1x re-auth-timeout-success 60
Syntax: [no] dot1x re-auth-timeout- success <seconds>
The <seconds> parameter specifies the number of seconds the device will wait to re-authenticate
a user after a timeout. The minimum value is 10 seconds. The maximum value is 2
16
-1 (maximum
unsigned 16-bit value).
Deny user access to the network after a RADIUS timeout
To set the RADIUS timeout behavior to bypass 802.1X authentication and block user access to the
network, enter commands such as the following
PowerConnect(config)# interface ethernet 1
PowerConnect(config-if-e100-1)# dot1x auth-timeout-action failure
Syntax: [no] dot1x auth-timeout-action failure
Once the failure timeout action is enabled, use the no form of the command to reset the RADIUS
timeout behavior to retry.
NOTE
If restrict-vlan is configured along with auth-timeout-action failure, the user will be placed into a
VLAN with restricted or limited access.Refer to “Allow user access to a restricted VLAN after a
RADIUS timeout” on page 936.
Allow user access to a restricted VLAN after a RADIUS timeout
To set the RADIUS timeout behavior to bypass 802.1X authentication and place the user in a VLAN
with restricted or limited access, enter commands such as the following
PowerConnect(config)# interface ethernet 1
PowerConnect(config-if-e100-1)# dot1x auth-fail-action restrict-vlan 100
PowerConnect(config-if-e100-1)# dot1x auth-timeout-action failure