User manual
C
HAPTER
14
| Security Measures
Configuring 802.1X Port Authentication
– 194 –
ES-2000 Series
This command attribute sets the timeout for EAP-request frames other
than EAP-request/identity frames. If dot1x authentication is enabled on
a port, the switch will initiate authentication when the port link state
comes up. It will send an EAP-request/identity frame to the client to
request its identity, followed by one or more requests for authentication
information. It may also send other EAP-request frames to the client
during an active connection as required for reauthentication.
◆ Server Timeout – Sets the time that a switch port waits for a response
to an EAP request from an authentication server before re-transmitting
an EAP packet.
(Fixed Setting: 10 seconds)
◆ Re-authentication Status – Sets the client to be re-authenticated
after the interval specified by the Re-authentication Period. Re-
authentication can be used to detect if a new device is plugged into a
switch port. (Default: Disabled)
◆ Re-authentication Period – Sets the time period after which a
connected client must be re-authenticated. (Range: 1-65535 seconds;
Default: 3600 seconds)
Authenticator PAE State Machine
◆ State – Current state (including initialize, disconnected, connecting,
authenticating, authenticated, aborting, held, force_authorized,
force_unauthorized).
◆ Reauth Count – Number of times connecting state is re-entered.
◆ Current Identifier – Identifier sent in each EAP Success, Failure or
Request packet by the Authentication Server.
Backend State Machine
◆ State – Current state (including request, response, success, fail,
timeout, idle, initialize).
◆ Request Count – Number of EAP Request packets sent to the
Supplicant without receiving a response.
◆ Identifier (Server) – Identifier carried in the most recent EAP
Success, Failure or Request packet received from the Authentication
Server.
Reauthentication State Machine
◆ State – Current state (including initialize, reauthenticate).