dot1x timer
Function
The dot1x timer command configures the parameters of each 802.1X timer.
The undo dot1x timer command restores the default settings.
For the default parameter settings of each 802.1X timer, see the parameter description.
Format
dot1x timer { client-timeout client-timeout-value | reauthenticate-period reauthenticate-period-value }
undo dot1x timer { client-timeout | reauthenticate-period }
Parameters
Parameter | Description | Value |
---|---|---|
client-timeout client-timeout-value | Specifies the client authentication timeout interval. NOTE: On the network, some terminals may delay in responding to EAP-Request/MD5 Challenge packets sent from the device. If the delay is long, you can increase client-timeout client-timeout-value so that these terminals can go online. The adjustment rule is as follows: 3 x client-timeout client-timeout-value > Terminal response delay | The value is an integer that ranges from 1 to 120, in seconds. By default, the client authentication timeout interval is 2 seconds. |
reauthenticate-period reauthenticate-period-value | Specifies the periodic re-authentication period for online 802.1X users. | The value is an integer that ranges from 1 to 65535, in seconds. By default, the periodic re-authentication period is 3600 seconds for online 802.1X users. |
Usage Guidelines
During 802.1X authentication, multiple timers are started to implement proper and orderly interactions between access users, access devices, and the authentication server. You can change the values of timers by running the dot1x timer command to adjust the interaction process. (The values of some timers cannot be changed.) This command is necessary in special network environments. It is recommended that you retain the default settings of the timers.
This command only sets the values of the timers. To enable the timers, perform corresponding configurations or use default settings.
- The client authentication timeout timer and the interval for sending authentication requests are enabled by default. You can run the dot1x retry command to configure the number of retransmissions of authentication request packets when the client authentication times out.
- The re-authentication timer for online 802.1X users is disabled by default. To enable this timer, run the dot1x reauthenticate command.
It is recommended that the re-authentication interval be set to the default value. If multiple ACLs need to be delivered during user authorization, you are advised to disable the re-authentication function or set a longer re-authentication interval to improve the device's processing performance.
In remote authentication and authorization, if the re-authentication interval is set to a shorter time, the CPU usage may be higher.
To reduce the impact on the device performance when many users exist, the actual user re-authentication interval may be longer than the configured re-authentication interval.
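The following check is an added example, not part of the vendor documentation or any vendor tool. It audits a block of configuration lines against the ranges and defaults in the parameter table, the 3 x client-timeout adjustment rule, and the guideline that reauthenticate-period has no effect until dot1x reauthenticate is run. The function names, the one-command-per-line input format and the sample configuration are assumptions made for the example.

```python
import math
import re

# Ranges and defaults from the parameter table: name -> (min, max, default), in seconds.
LIMITS = {"client-timeout": (1, 120, 2), "reauthenticate-period": (1, 65535, 3600)}
TIMER_RE = re.compile(r"^(undo )?dot1x timer (client-timeout|reauthenticate-period)(?: (\d+))?$")

def min_client_timeout(delay_s):
    """Smallest client-timeout satisfying 3 x client-timeout > delay_s."""
    value = max(LIMITS["client-timeout"][0], math.floor(delay_s / 3) + 1)
    if value > LIMITS["client-timeout"][1]:
        raise ValueError("delay cannot be covered by a client-timeout of at most 120 s")
    return value

def audit(config_text, terminal_delay_s=None):
    """Return (effective timers, findings). Assumes one command per line (added example)."""
    timers = {name: lim[2] for name, lim in LIMITS.items()}
    explicit, reauth_enabled, findings = set(), False, []
    for raw in config_text.splitlines():
        line = " ".join(raw.split())          # normalise whitespace
        if line == "dot1x reauthenticate":
            reauth_enabled = True
        match = TIMER_RE.match(line)
        if not match:
            continue
        undo, name, value = match.groups()
        low, high, default = LIMITS[name]
        if undo:                              # undo restores the default setting
            timers[name] = default
            explicit.discard(name)
        elif value is None or not low <= int(value) <= high:
            findings.append(f"{name}: value must be an integer from {low} to {high}")
        else:
            timers[name] = int(value)
            explicit.add(name)
    if "reauthenticate-period" in explicit and not reauth_enabled:
        findings.append("reauthenticate-period is set but 'dot1x reauthenticate' is "
                        "absent, so periodic re-authentication stays disabled")
    if terminal_delay_s is not None and 3 * timers["client-timeout"] <= terminal_delay_s:
        findings.append(f"client-timeout {timers['client-timeout']} is too short for a "
                        f"{terminal_delay_s} s terminal delay; use at least "
                        f"{min_client_timeout(terminal_delay_s)}")
    return timers, findings

# Constructed sample configuration (not taken from a real device).
SAMPLE = """
dot1x timer client-timeout 2
dot1x timer reauthenticate-period 600
"""
```

Calling audit(SAMPLE, terminal_delay_s=7) reports both problems in the sample: the re-authentication period is configured but the timer is never enabled, and 3 x 2 seconds does not exceed the 7-second terminal delay.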