CLI Reference Guide
320 CHAPTER 7: CONFIGURING AUTHENTICATION, AUTHORIZATION, AND ACCOUNTING PARAMETERS
10 To set the maximum number of times the WX switch retransmits an EAP
request to the client before timing out the authentication session, specify
the value (0 to 10) in the Maximum Requests box. The default is
2attempts.
To support SSIDs that have both 802.1X and static WEP clients, MSS
sends a maximum of two ID requests, even if this parameter is set to a
higher value. Setting the parameter to a higher value does affect all other
types of EAP messages.
11 To enable encryption key information to be sent to the client after
authentication in EAPoL-Key PDUs, select Key Transmit.
The WX switch sends EAPoL key messages after successfully
authenticating the client and receiving authorization attributes for the
client. If the client is using dynamic Wired-Equivalent Privacy protocol
(WEP), the EAPoL key messages are sent immediately after authorization.
To disable this option, clear Key Transmit. By default, this option is
enabled.
12 To enable reauthentication of 802.1X clients, select Reauthentication.
To disable reauthentication, clear Reauthentication. By default,
reauthentication is enabled.
13 To specify the number of reauthentication requests the WX switch
attempts before an 802.1X client becomes unauthorized, specify the
value (1 to 10) in the Reauthentication Attempts box. The default is 2
attempts.
If the number of reauthentications for a wired authentication client is
greater than the maximum number of reauthentications allowed, MSS
sends an EAP failure packet to the client and removes the client from the
network. However, MSS does not remove a wireless client from the
network under these circumstances.
14 To specify the number of seconds before reauthentication is attempted,
specify the timeout value, from 60 to 1,641,600 seconds (19 days), in the
Reauthentication Period box. The default is 3600 seconds (one hour).
MSS reauthenticates dynamic WEP clients based on the reauthentication
timer. MSS also reauthenticates WPA clients if the clients use the WEP-40
or WEP-104 cipher. For each dynamic WEP client or WPA client using a
WEP cipher, the reauthentication timer is set to the lesser of the global
setting or the value returned by the AAA server with the rest of the
authorization attributes for that client.