Manualshelf

Administrator Guide

ManualsBrandsDell ManualsAccess PlatformsC9010 Modular Chassis Switch
919293949596979899100
Auth PAE State: Initialize
Backend State: Initialize
Configuring Timeouts
If the supplicant or the authentication server is unresponsive, the authenticator terminates the authentication process after 30
seconds by default. You can configure the amount of time the authenticator waits for a response.
To terminate the authentication process, use the following commands.
Terminate the authentication process due to an unresponsive supplicant.
INTERFACE mode
dot1x supplicant-timeout seconds
The range is from 1 to 300.
The default is 30.
Terminate the authentication process due to an unresponsive authentication server.
INTERFACE mode
dot1x server-timeout seconds
The range is from 1 to 300.
The default is 30.
The example shows configuration information for a port for which the authenticator terminates the authentication process for
an unresponsive supplicant or server after 15 seconds.
The bold lines show the new supplicant and server timeouts.
Dell(conf-if-Te-0/0)#dot1x port-control force-authorized
Dell(conf-if-Te-0/0)#do show dot1x interface TenGigabitEthernet 0/0
802.1x information on Te 0/0:
-----------------------------
Dot1x Status: Enable
Port Control: FORCE_AUTHORIZED
Port Auth Status: UNAUTHORIZED
Re-Authentication: Disable
Untagged VLAN id: None
Guest VLAN: Disable
Guest VLAN id: NONE
Auth-Fail VLAN: Disable
Auth-Fail VLAN id: NONE
Auth-Fail Max-Attempts: NONE
Tx Period: 90 seconds
Quiet Period: 120 seconds
ReAuth Max: 10
Supplicant Timeout: 15 seconds
Server Timeout: 15 seconds
Re-Auth Interval: 7200 seconds
Max-EAP-Req: 10
Auth Type: SINGLE_HOST
Auth PAE State: Initialize
Backend State: Initialize
Enter the tasks the user should do after finishing this task (optional).
Multi-Host Authentication
By default, 802.1x assumes that a single end user is connected to a single authenticator port in a one-to-one mode of
authentication called single-host mode. If multiple end users are connected to the same port, a many-to-one configuration, only
the first end user to respond to the identity request is authenticated. Subsequent responses are ignored, and a system log is
generated to indicate reception of unexpected 802.1x frames. When a port is authorized, the authenticated supplicant MAC
address is associated with the port, and traffic from any other source MACs is dropped.
98
802.1X