Application Guide

ManualsBrandsAntaira Technologies ManualsComputers & AccessoriesAntaira LMX-0800 Industrial-Grade 8-Port Managed Fast Ethernet Switch, DIN-Rail Mount, -10 to 70°C Operating Temperature, Redundant 12 to 48 VDC Power Input

[64]

Software User's

Manual

–

Version 3.0

Reauthentication

Enabled

If checked, successfully authenticated supplicants/clients are

reauthenticated after the interval specified by the Reauthentication

Period. Reauthentication for 802.1X-enabled ports can be used to detect

if a new device is plugged into a switch port or if a supplicant is no longer

attached.

For MAC-based ports, reauthentication is only useful if the RADIUS

server configuration has changed. It does not involve communication

between the switch and the client, and therefore doesn’t imply that a client

is still present on a port (see Aging Period below).

Reauthentication

Period

Determines the period, in seconds, after which a connected client must be

reauthenticated. This is only active if the Reauthentication Enabled

checkbox is checked.

Valid values are in the range 1 to 3600 seconds.

EAPOL Timeout

Determines the time for retransmission of Request Identity EAPOL

frames. Valid values are in the range 1 to 65535 seconds. This has no

effect for MAC- based ports.

Aging Period

This setting applies to the following modes, i.e. modes using the Port

Security functionality to secure MAC addresses:

 Single 802.1X

 Multi 802.1X

 MAC-Based Auth.

When the NAS module uses the Port Security module to secure MAC

addresses, the Port Security module needs to check for activity on the

MAC address in question at regular intervals and free resources if no

activity is seen within a given period of time. This parameter controls

exactly this period and can be set to a number between 10 and 1000000

seconds.

It is not critical, if reauthentication is enabled and the port is in an 802.1X-

based mode, as supplicants that are no longer attached to the port will get

removed upon the next reauthentication, which will fail. But if

reauthentication is not enabled, the only way to free resources is by aging

the entries.

For ports in MAC-based Auth. mode, reauthentication doesn’t cause

direct communication between the switch and the client, so this will not

detect whether the client is still attached or not, and the only way to free

any resources is to age the entry.

Hold Time

This setting applies to the following modes, i.e. modes using the Port

Security functionality to secure MAC addresses:

 Single 802.1X

 Multi 802.1X

 MAC-Based Auth.

If a client is denied access - either because the RADIUS server denies

the client access or because the RADIUS server request times out

(according to the timeout specified on the Configuration > Security >

AAA page) - the client is put on hold in the Unauthorized state. The hold

timer does not count during an on-going authentication.

In MAC-based Auth. mode, the switch will ignore new frames coming from

the client during the hold time.