User’s Manual of

• Reauthentication Enabled: If checked, clients are reauthenticated after the interval specified by the Reauthentication Period. Reauthentication for
  to detect if a new device is plugged into a switch port.
  For
  configuration has changed. It does not involve communication between the switch and the client, and therefore doesn't imply that a client is still present on a port (see Age Period below).

• Reauthentication Period: Determines the period, in seconds, after which a connected client must be reauthenticated. This is only active if the Reauthentication Enabled checkbox is checked. Valid values are in the range 1 to 3600 seconds.

• EAP Timeout: Determines the time the switch shall wait for the supplicant response before retransmitting a packet. Valid values are in the range 1 to 255 seconds. This has no effect for

• Age Period: This setting applies to ports running
  Suppose a client is connected to a 3rd party switch or hub, which in turn is connected to a port on this switch that runs
  suppose the client gets successfully authenticated. Now assume that the client powers down his PC. What should make the switch forget about the authenticated client? Reauthentication will not solve this problem, since this doesn't require the client to be present, as discussed under Reauthentication Enabled above. The solution is aging of authenticated clients. The Age Period, which can be set to a number between 10 and 1000000 seconds, works like this: A timer is started when the client gets authenticated. After half the age period, the switch starts looking for frames sent by the client. If another half age period elapses and no frames are seen, the client is considered removed from the system, and it will have to authenticate again the next time a frame is seen from it. If, on the other hand, the client transmits a frame before the second half of the age period expires, the switch will consider the client alive, and leave it authenticated, and restart the age timer.

• Hold Time: This setting applies to ports running
  If the RADIUS server denies a client access, or a RADIUS server request times out (after 40 seconds with two retries), the client is put on hold in the Unauthorized state. In this state, frames from the client will not cause the switch to attempt to reauthenticate the client. The Hold Time, which can be set to a number between 10 and 1000000 seconds, determines the time after an EAP Failure indication or RADIUS timeout that a client is not allowed access.
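
The aging rule described under Age Period, modelled as an added example (written for this page, not the switch's firmware or vendor code). The function names are hypothetical, and the model assumes the age timer restarts at the moment a frame is seen during the second half of the period. It shows how long an authenticated entry outlives the client's last frame, which is the figure to weigh when choosing an Age Period.

```python
# Added example: a model of the aging rule in the manual text, not vendor code.
# All times are in seconds; frame timestamps below are constructed inputs.
AGE_MIN, AGE_MAX = 10, 1_000_000  # valid Age Period range stated in the manual


def removal_time(auth_time, frame_times, age_period):
    """Return the time at which the switch forgets an authenticated client.

    frame_times: timestamps of frames sent by the client after authentication.
    Assumption: the age timer restarts at the moment a frame is seen in the
    second half of the period.
    """
    if not AGE_MIN <= age_period <= AGE_MAX:
        raise ValueError("Age Period must be 10..1000000 seconds")
    half = age_period / 2
    start = auth_time
    frames = sorted(t for t in frame_times if t >= auth_time)
    while True:
        watch_from, expiry = start + half, start + age_period
        # Frames in the first half are ignored: the switch only starts
        # looking for frames once half the age period has elapsed.
        seen = next((t for t in frames if watch_from <= t < expiry), None)
        if seen is None:
            return expiry   # no frame in the second half: client removed
        start = seen        # client considered alive: restart the age timer


def stale_window(auth_time, frame_times, age_period):
    """Seconds the entry stays authenticated after the client's last frame."""
    last = max([auth_time] + [t for t in frame_times if t >= auth_time])
    return removal_time(auth_time, frame_times, age_period) - last


if __name__ == "__main__":
    # Client authenticates at t=0, sends frames, then powers down after t=340.
    frames = [100, 200, 340]
    print("removed at", removal_time(0, frames, 300))
    print("stale for", stale_window(0, frames, 300), "seconds")
```

Under this model an authenticated entry persists for more than half and at most one full Age Period after the client's last frame.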