Setting the 802.1X authentication timeout timers
About 802.1X authentication timeout timers
The network device uses the following 802.1X authentication timeout timers:
Client timeout timer—Starts when the access device sends an EAP-Request/MD5-Challenge packet to a client. If no response is received when this timer expires, the access device retransmits the request to the client.
Server timeout timer—Starts when the access device sends a RADIUS Access-Request packet to the authentication server. If no response is received when this timer expires, the 802.1X authentication fails.
Restrictions and guidelines
In most cases, the default settings are sufficient. You can edit the timers, depending on the network conditions.
In a low-speed network, increase the client timeout timer.
In a network with authentication servers of different performance, adjust the server timeout timer.
To avoid forcible user logoffs before the server timeout timer expires, set the server timeout timer to a value not more than the product of the following values:
The maximum number of RADIUS packet transmission attempts set by using the retry command in RADIUS scheme view.
The RADIUS server response timeout period set by using the timer response-timeout command in RADIUS scheme view.
For information about setting the maximum number of RADIUS packet transmission attempts and the RADIUS server response timeout period, see "Configuring AAA."
Procedure
Enter system view.
system-view
Set the client timeout timer.
dot1x timer supp-timeout supp-timeout-value
The default is 30 seconds.
Set the server timeout timer.
dot1x timer server-timeout server-timeout-value
The default is 100 seconds.