Configuring AAA for Network Users

Bonded Authentication Period

The Bonded Authentication period is the number of seconds WSS Software allows a Bonded Authentication user to reauthenticate.

After successful machine authentication, a session for the machine appears in the session table in WSS Software. When the user logs on and is authenticated, the user session replaces the machine session in the table. However, since the user’s authentication rule contains the bonded option, WSS Software remembers that the machine was authenticated.

If a Bonded Authentication user’s session is ended due to 802.1X reauthentication or the RADIUS Session-Timeout parameter, WSS Software can allow time for the user to reauthenticate. The amount of time that WSS Software allows for reauthentication is controlled by the Bonded Authentication period.

If the user does not reauthenticate within the Bonded Authentication period, WSS Software deletes the information about the machine session. After the machine session information is deleted, the Bonded Authentication user cannot reauthenticate. When this occurs, the user will need to log off, then log back on, to access the network. After multiple failed reauthentication attempts, the user might need to reboot the PC before logging on.

By default, the Bonded Authentication period is 0 seconds, which means WSS Software does not wait for a Bonded Authentication user to reauthenticate.

You can set the Bonded Authentication period to a value up to 300 seconds. Nortel recommends that you try 60 seconds, and change the period to a longer value only if clients are unable to authenticate within 60 seconds.

To set the Bonded Authentication period, use the following command:

set dot1x bonded-period seconds

To reset the Bonded Authentication period to its default value (0), use the following command:

clear dot1x bonded-period
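
The timing behavior described in this section, written as a small Python model. This is an added illustration, not WSS Software code and not part of the Nortel guide; the class and function names are hypothetical, and treating a reauthentication that arrives exactly when the period ends as too late is an assumption.

```python
MAX_BONDED_PERIOD = 300  # seconds; upper limit stated in the guide


class BondedAuthModel:
    """Hypothetical model: is the machine authentication still remembered?"""

    def __init__(self, bonded_period=0):  # 0 is the documented default
        if not 0 <= bonded_period <= MAX_BONDED_PERIOD:
            raise ValueError("bonded period must be 0..300 seconds")
        self.bonded_period = bonded_period
        self.machine_remembered = False
        self.ended_at = None  # time the user session ended, while awaiting reauth

    def machine_auth(self):
        # Successful machine authentication (for example at boot or log on).
        self.machine_remembered = True
        self.ended_at = None

    def session_ended(self, now):
        # Session ended by 802.1X reauthentication or RADIUS Session-Timeout.
        self.ended_at = now

    def user_auth(self, now):
        # Assumption: the machine record is deleted as soon as the elapsed
        # time reaches the bonded period, so a period of 0 never waits.
        if self.ended_at is not None and now - self.ended_at >= self.bonded_period:
            self.machine_remembered = False
        if not self.machine_remembered:
            return False  # bonded user rule cannot match without the machine
        self.ended_at = None
        return True


def replay(bonded_period, reauth_delay):
    """Machine auth, user logon, session end at t=100, then one reauth attempt."""
    m = BondedAuthModel(bonded_period)
    m.machine_auth()
    m.user_auth(now=0)
    m.session_ended(now=100)
    return m.user_auth(now=100 + reauth_delay)


if __name__ == "__main__":
    for period, delay in [(0, 1), (60, 45), (60, 75)]:
        print(period, delay, "allowed" if replay(period, delay) else "denied")
```

With the default of 0 the reattempt is denied even after one second, which is why the guide suggests trying 60 seconds when clients lose access after a session timeout.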

Bonded Authentication Configuration Example

To configure Bonded Authentication:

1. Configure separate authentication rules for the machine and for the user(s).

2. Set the Bonded Authentication period.

3. Verify the configuration changes.

The following commands configure two 802.1X authentication rules for access to SSID mycorp. The first rule is for authentication of all trusted laptop PCs at mycorp.com (host/*-laptop.mycorp.com). The second rule is

Nortel WLAN Security Switch 2300 Series Configuration Guide
