Nortel 2350 用户指南
Managing 802.1X on the WSS 579
Nortel WLAN—Security Switch 2300 Series Configuration Guide
Setting EAP retransmission attempts
The following command sets the maximum number of times the WSS retransmits an 802.1X-encapsulated EAP request
to the supplicant (client) before it times out the authentication session:
to the supplicant (client) before it times out the authentication session:
set dot1x max-req number-of-retransmissions
The default number of retransmissions is 2. You can specify from 0 to 10 retransmit attempts. For example, type the
following command to set the maximum number of retransmission attempts to 3:
following command to set the maximum number of retransmission attempts to 3:
WSS# set dot1x max-req 3
success: dot1x max request set to 3.
success: dot1x max request set to 3.
To reset the number of retransmission attempts to the default setting, type the following command:
WSS# clear dot1x max-req
success: change accepted.
success: change accepted.
The amount of time WSS Software waits before it retransmits an 802.1X-encapsulated EAP request to the supplicant is
the same number of seconds as one of the following timeouts:
the same number of seconds as one of the following timeouts:
•
Supplicant timeout (configured by the set dot1x timeout supplicant command)
•
RADIUS session-timeout attribute
If both of these timeouts are set, WSS Software uses the shorter of the two. If the RADIUS session-timeout attribute is
not set, WSS Software uses the timeout specified by the set dot1x timeout supplicant command, by default 30 seconds.
not set, WSS Software uses the timeout specified by the set dot1x timeout supplicant command, by default 30 seconds.
Managing 802.1X client reauthentication
Reauthentication of 802.1X wireless supplicants (clients) is enabled on the WSS by default. By default, the WSS waits
3600 seconds (1 hour) between authentication attempts. You can disable reauthentication or change the defaults.
3600 seconds (1 hour) between authentication attempts. You can disable reauthentication or change the defaults.
Note.
To support SSIDs that have both 802.1X and static WEP clients, WSS Software
sends a maximum of two ID requests, even if this parameter is set to a higher value. Setting
the parameter to a higher value does affect all other types of EAP messages.
the parameter to a higher value does affect all other types of EAP messages.
Note.
You also can use the RADIUS session-timeout attribute to set the reauthentication
timeout for a specific client. In this case, WSS Software uses the timeout that has the lower
value. If the session-timeout is set to fewer seconds than the global reauthentication
timeout, WSS Software uses the session-timeout for the client. However, if the global
reauthentication timeout is shorter than the session-timeout, WSS Software uses the global
timeout instead.
value. If the session-timeout is set to fewer seconds than the global reauthentication
timeout, WSS Software uses the session-timeout for the client. However, if the global
reauthentication timeout is shorter than the session-timeout, WSS Software uses the global
timeout instead.