802.1x parameters can be set before global 802.1x authentication is enabled, but take no effect. After global 802.1x authentication is enabled, 802.1x parameters can be set before of each interface takes effect.
You can configure 802.1x authentication to authenticate and control access devices connected to an interface of a LAN access control device.
Table 1 describes the parameters on the 802.1X Global Settings page.
Parameter |
Description |
|---|---|
Global 802.1X |
Indicates whether to enable global 802.1x authentication. The options are Enable and Disable. By default, the value is Disable. 802.1x parameters can be set before global 802.1x authentication is enabled, but take no effect. After global 802.1x authentication is enabled, 802.1x parameters can be set before of each interface takes effect. |
Quiet Period |
Indicates whether to enable the quiet timer function. The options are Enable and Disable. By default, the value is Disable. NOTE:
If a user fails to pass 802.1x authentication after the quiet timer function is enabled, the system keeps the user quiet for a period. In this manner, the impact caused by frequent authentication is prevented. During the quite period, the switch discards 802.1x authentication request packets from the user. |
DHCP Trigger |
Indicates whether to enable the switch to trigger 802.1x authentication after receiving DHCP messages. The options are Enable and Disable. By default, the value is Disable. The switch is enabled to trigger 802.1x authentication after receiving DHCP messages. If a user fails to pass authentication, the user cannot dynamically obtain an IP address from the DHCP server. |
Handshake |
Indicates whether to enable the handshake function. The options are Enable and Disable. By default, the value is Disable. NOTE:
Not all clients support the handshake function. If a client does not support the handshake function, the switch will not receive handshake response packets within the handshake interval. In this case, you need to disable the handshake function to prevent the switch from disconnecting users by mistake. |
Number of Quiet Failures |
Indicates the number of authentication failures before the 802.1x user enters the quiet state. |
Retry Times |
Indicates the number of retransmission times. If the switch does not receive a response after sending an authentication request to a user, the switch retransmits the authentication request to the user. If the switch still fails to receive the response when the number of sent authentication requests reaches the limit, the switch does not send the authentication request to the user any more. |
Client Timeout |
Indicates the timeout interval of the response from the client. |
Handshake Interval |
Indicates the interval of handshakes between the switch and the 802.1x client. |
Re-authentication Interval |
Indicates the re-authentication interval. After a user passes 802.1x authentication, the switch sends a re-authentication request to the authentication server after a period. The re-authentication interval is controlled by the re-authentication timer. |
Authentication Request Interval |
Indicates the interval for sending authentication requests. |
Server Timeout |
Indicates the timeout interval of the response from the server. If the authentication server does not respond to an authentication request within the timeout interval, the switch retransmits the authentication request to the authentication server. |
Quiet Period |
Indicates the value of the quiet timer. If a user fails to pass 802.1x authentication, the authentication device waits until the quiet timer expires and re-initiates authentication requests. During the quiet period, the authentication device does not process authentication requests from the user. |