802.1x settings

DevilWAHDevilWAH Member Posts: 2,997 ■■■■■■■■□□
Can some one explan the difference beween these two commands for dot1z please


dot1x timeout supp-timeout

"The client notifies the switch that it received the EAP-request frame. If the switch does not receive this notification, the switch waits a set period of time, and then retransmits the frame. You may set the amount of time that the switch waits for notification from 1 to 65535 seconds. (The default is 30 seconds.) "

and

dot1x timeout tx-period 10

The client responds to the EAP-request/identity frame from the switch with an EAP-response/identity frame. If the switch does not receive this response, it waits a set period of time (known as the retransmission time), and then retransmits the frame.

Am i correct in thinking the first statment is only for the first eap frame (the initial responce) and the second is for all further frames in the conversation?

Cheers
  • If you can't explain it simply, you don't understand it well enough. Albert Einstein
  • An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties. It means that its going to launch you into something great. So just focus and keep aiming.

Comments

  • Are those explanations from the same documention for the same version of software?
    "There are 3 types of people in this world, those who can count and those who can't"
  • DevilWAHDevilWAH Member Posts: 2,997 ■■■■■■■■□□
    yes same doc one after the other.
    • If you can't explain it simply, you don't understand it well enough. Albert Einstein
    • An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties. It means that its going to launch you into something great. So just focus and keep aiming.
  • creamy_stewcreamy_stew Member Posts: 406 ■■■□□□□□□□
    If I read that correctly, the first value is how log the switch actually waits before it times out the auth.

    The second value is how often it will try and resend to the client.

    Dunno though. Wasn't even aware of those commands TBH.
    Itchy... Tasty!
    [X] DCICN
    [X] IINS

    [ ] CCDA
    [ ] DCICT
  • DevilWAHDevilWAH Member Posts: 2,997 ■■■■■■■■□□
    nope there a third command to set the retry number ;)

    that by default is 3 times

    dot1x max-req 5
    or dot1x max-reauth-req 4

    how may time to resend the packet, and how many time to restart the whole authentication process

    Looking at the time outs a bit more, one it seems is the switch sourced eap packet to client packets reply, and one is for when the switch forwards a packet from the server to the client and waiting for a reply.
    • If you can't explain it simply, you don't understand it well enough. Albert Einstein
    • An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties. It means that its going to launch you into something great. So just focus and keep aiming.
Sign In or Register to comment.