Reference Guide
• Terminate the authentication process due to an unresponsive supplicant.
INTERFACE mode
dot1x supplicant-timeout seconds
The range is from 1 to 300.
The default is 30.
• Terminate the authentication process due to an unresponsive authentication server.
INTERFACE mode
dot1x server-timeout seconds
The range is from 1 to 300.
The default is 30.
The example shows configuration information for a port for which the authenticator terminates the authentication
process for an unresponsive supplicant or server after 15 seconds.
Example of Viewing Configured Server Timeouts
The bold lines show the new supplicant and server timeouts.
FTOS(conf-if-Te-0/0)#dot1x port-control force-authorized
FTOS(conf-if-Te-0/0)#do show dot1x interface TenGigabitEthernet 0/0
802.1x information on Te 0/0:
-----------------------------
Dot1x Status: Enable
Port Control: FORCE_AUTHORIZED
Port Auth Status: UNAUTHORIZED
Re-Authentication: Disable
Untagged VLAN id: None
Guest VLAN: Disable
Guest VLAN id: NONE
Auth-Fail VLAN: Disable
Auth-Fail VLAN id: NONE
Auth-Fail Max-Attempts: NONE
Tx Period: 90 seconds
Quiet Period: 120 seconds
ReAuth Max: 10
Supplicant Timeout: 15 seconds
Server Timeout: 15 seconds
Re-Auth Interval: 7200 seconds
Max-EAP-Req: 10
Auth Type: SINGLE_HOST
Auth PAE State: Initialize
Backend State: Initialize
Enter the tasks the user should do after finishing this task (optional).
Configuring Dynamic VLAN Assignment with Port Authentication
FTOS supports dynamic VLAN assignment when using 802.1X.
The basis for VLAN assignment is RADIUS attribute 81, Tunnel-Private-Group-ID. Dynamic VLAN assignment uses the
standard dot1x procedure:
1. The host sends a dot1x packet to the Dell Networking system
2. The system forwards a RADIUS REQEST packet containing the host MAC address and ingress port number
3. The RADIUS server authenticates the request and returns a RADIUS ACCEPT message with the VLAN assignment
using Tunnel-Private-Group-ID
78