Specifications

ManualsBrandsEnterasys ManualsComputer equipmentRoamAbout RBT-8100

361

362

363

364

365

366

367

368

369

370

Configuring 802.1X Authentication

17-16 Configuring AAA for Network Users

• host/*.mycorp.com(userglobforthemachineauthenticationrule)

•*.mycorp.com(userglobfortheuserauthenticationrule)

Ifthedomainnamehasmorenodes(forexample,nl.mycorp.com),useanasteriskineachnode

thatyouwanttomatchglobally.Forexample,tomatchonallmachinesandusersinmycorp.com,

usethefollowinguserglobs:

• host/*.*.mycorp.com

(userglobforthe machineauthenti cationrule)

•*.*.mycorp.com(userglobfortheuserauthenticationrule)

Usemorespecificrulestodirectmachinesanduserstodifferentservergroups.Forexample,to

directusersinnl.mycorp.comtoadifferentservergroupthanusersinde.mycorp.com,usethe

followinguserglobs:

• host/*.nl.mycorp.com(userglobforthemachineauthentication

rule)

•*.nl.mycorp.com(userglobfortheuserauthenticationrule)

• host/*.de.mycorp.com(userglobforthemachineauthenticationrule)

•*.de.mycorp.com(userglobfortheuserauthenticationrule)

Bonded Auth Period

TheBondedAuthperiodisthenumberofsecondsMSSallowsaBondedAuthuserto

reauthenticate.

Aftersuccessfulmachineauthentication,asessionforthemachineappearsinthesessiontablein

MSS.Whentheuserlogsonandisauthenticated,theusersessionreplacesthemachinesessionin

thetable.

However,sincetheuser’sauthenticationrulecontainsthebondedoption,MSS

remembersthatthemachinewasauthenticated.

IfaBondedAuthuser’ssessionisendeddueto802.1XreauthenticationortheRADIUSSession‐

Timeoutparameter,MSScanallowtimefortheusertoreauthenticate.Theamountoftimethat

MSSallows

forreauthenticationiscontrolledbytheBondedAuthperiod.

IftheuserdoesnotreauthenticatewithintheBondedAuthperiod,MSSdeletestheinformation

aboutthemachinesession.Afterthemachinesessioninformationisdeleted,theBondedAuth

usercannotreauthenticate.Whenthisoccurs,theuserwillneedtologoff,

thenlogbackon,to

accessthenetwork.Aftermultiplefailedreauthenticationattempts,theusermightneedtoreboot

thePCbeforeloggingon.

Bydefault,theBondedAuthperiodis0seconds.MSSdoesnotwaitforaBondedAuthuserto

reauthenticate.

YoucansettheBondedAuth

periodtoavalueupto300seconds.EnterasysNetworks

recommendsthatyoutry60seconds,andchangetheperiodtoalongervalueonlyifclientsare

unabletoauthenticatewithin60seconds.

TosettheBondedAuthperiod,usethefollowingcommand:

set dot1x bonded-period seconds

ToresettheBondedAuthperiodtoitsdefaultvalue(0),usethefollowingcommand:

clear dot1x bonded-period