Cisco Systems CL-28826-01 Security Camera User Manual


User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 61 Configuring Identity Policies
802.1x Policy Page
Table 61-1 802.1x Page (Continued)

Element: Description

Control type
    The control state of the interface, which determines whether the host is granted access to the network. Options are:
    - Force Authorize—Disables 802.1x authentication and causes the interface to move to the authorized state without requiring any authentication exchange. This means the interface transmits and receives normal traffic without 802.1x-based authentication of the host. This is the default.
    - Auto—Enables 802.1x authentication and causes the interface to begin in the unauthorized state, allowing only EAPOL frames to be sent and received through the interface. If a host is successfully authenticated, the interface state changes to authorized, which enables all frames from the host through the interface.

Enable client reauthentication
    When selected, enables periodic reauthentication of client PCs on the 802.1x interface. Reauthentication is performed after the interval defined in the Client reauthentication period timeout field. The default period is 3600 seconds (1 hour).
    When deselected, periodic reauthentication is not performed.

Client reauthentication period timeout
    Applies only when the Enable client reauthentication check box is selected.
    The number of seconds between client reauthentication attempts. Valid values range from 1 to 65535 seconds. The default is 3600 seconds (1 hour).

Quiet period
    The amount of time the router remains in a quiet state after a failed authentication exchange with the client. Authentication exchanges might fail, for example, because the client provided an invalid password.
    Valid values range from 1 to 65535 seconds. The default is 120 seconds.
    Note: Entering a value smaller than the default provides a faster response time to the user.

Rate Limit period
    The interval after which the interface throttles the EAP-Start packets it receives from malfunctioning client PCs. Use this setting, called rate limiting, to prevent these clients from wasting router processing power.
    Valid values range from 1 to 65535 seconds. By default, rate limiting is disabled.
    Note: To disable an existing rate limit, delete the value defined in this field and leave the field blank.

AAA Server timeout
    The number of seconds the router waits before retransmitting packets to the AAA server. If the router sends an 802.1x packet to the AAA server and the server does not respond, the router sends another packet after this interval elapses.
    Valid values range from 1 to 65535 seconds. The default is 30 seconds.
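
The following is an added example, not part of the Cisco guide and not the router's implementation: a simplified Python model of how the Control type, client reauthentication and Quiet period settings in this table interact on one interface. The class and field names are hypothetical, and the default for the reauthentication check box is an assumption because the table does not state it.

```python
from dataclasses import dataclass

EAPOL = 0x888E  # EtherType of EAPOL (EAP over LAN) frames
IPV4 = 0x0800   # EtherType of ordinary IPv4 traffic

@dataclass
class Dot1xPolicy:  # hypothetical field names; values follow the table
    control_type: str = "force-authorize"  # documented default
    reauth_enabled: bool = False           # assumed default, not stated
    reauth_period: int = 3600
    quiet_period: int = 120

    def __post_init__(self):
        if self.control_type not in ("force-authorize", "auto"):
            raise ValueError("control_type must be force-authorize or auto")
        for name in ("reauth_period", "quiet_period"):
            if not 1 <= getattr(self, name) <= 65535:
                raise ValueError(f"{name} must be 1..65535 seconds")

class Port:
    def __init__(self, policy):
        self.policy = policy
        # Force Authorize starts (and stays) authorized with no exchange.
        self.authorized = policy.control_type == "force-authorize"
        self.quiet_until = 0
        self.reauth_at = None

    def forwards(self, ethertype):
        # An unauthorized port passes only EAPOL frames.
        return self.authorized or ethertype == EAPOL

    def authenticate(self, now, credentials_ok):
        """One authentication exchange at time `now` (seconds)."""
        p = self.policy
        if p.control_type == "force-authorize":
            return "authorized"
        if now < self.quiet_until:
            return "quiet"  # still in the quiet period after a failure
        if credentials_ok:
            self.authorized = True
            self.reauth_at = now + p.reauth_period if p.reauth_enabled else None
            return "authorized"
        self.authorized = False
        self.reauth_at = None
        self.quiet_until = now + p.quiet_period
        return "unauthorized"

    def reauth_due(self, now):
        return self.reauth_at is not None and now >= self.reauth_at
```

With the documented default (Force Authorize) the modelled port forwards all traffic without any authentication exchange, which is the case to look for when reviewing an 802.1x policy that is expected to enforce host authentication.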