HP Manager Software manual Attempts

320CHAPTER 7: CONFIGURING AUTHENTICATION, AUTHORIZATION, AND ACCOUNTING PARAMETERS

10To set the maximum number of times the WX switch retransmits an EAP request to the client before timing out the authentication session, specify the value (0 to 10) in the Maximum Requests box. The default is

2 attempts.

To support SSIDs that have both 802.1X and static WEP clients, MSS sends a maximum of two ID requests, even if this parameter is set to a higher value. Setting the parameter to a higher value does affect all other types of EAP messages.

11To enable encryption key information to be sent to the client after authentication in EAPoL-Key PDUs, select Key Transmit.

The WX switch sends EAPoL key messages after successfully authenticating the client and receiving authorization attributes for the client. If the client is using dynamic Wired-Equivalent Privacy protocol (WEP), the EAPoL key messages are sent immediately after authorization.

To disable this option, clear Key Transmit. By default, this option is enabled.

12To enable reauthentication of 802.1X clients, select Reauthentication.

To disable reauthentication, clear Reauthentication. By default, reauthentication is enabled.

13To specify the number of reauthentication requests the WX switch attempts before an 802.1X client becomes unauthorized, specify the value (1 to 10) in the Reauthentication Attempts box. The default is 2 attempts.

If the number of reauthentications for a wired authentication client is greater than the maximum number of reauthentications allowed, MSS sends an EAP failure packet to the client and removes the client from the network. However, MSS does not remove a wireless client from the network under these circumstances.

14To specify the number of seconds before reauthentication is attempted, specify the timeout value, from 60 to 1,641,600 seconds (19 days), in the Reauthentication Period box. The default is 3600 seconds (one hour).

MSS reauthenticates dynamic WEP clients based on the reauthentication timer. MSS also reauthenticates WPA clients if the clients use the WEP-40 or WEP-104 cipher. For each dynamic WEP client or WPA client using a WEP cipher, the reauthentication timer is set to the lesser of the global setting or the value returned by the AAA server with the rest of the authorization attributes for that client.