Controlling Authentication Session Timeouts (CLI Procedure)
For 802.1X and MAC RADIUS authentication sessions, the timeout of the session depends on the reauthentication value that you configure. Additionally, unless you configure it not to, the session is removed from the authentication session table when the MAC address ages out of the Ethernet switching table (when the value specified for the mac-table-aging-time is exceeded).
Before you begin:
- Specify the RADIUS server or servers to be used as the authentication server. See Specifying RADIUS Server Connections on an EX Series Switch (CLI Procedure).
- Configure 802.1X authentication on the switch. See Configuring 802.1X Interface Settings (CLI Procedure).
To configure the authentication session time on all interfaces:
[edit]
user@switch# set protocols
dot1x authenticator interface all seconds;To configure the authentication session time on a single interface:
[edit]
user@switch# set protocols
dot1x authenticator interface interface-name seconds;To disable removal of authentication sessions from the authentication session table when a MAC address ages out of the Ethernet switching table, remove the binding of the authentication table to the Ethernet switching table
To remove the binding on all interfaces:
[edit]
user@switch# set protocols
dot1x authenticator interface all no-mac-table-binding;To remove the binding on a single interface:
[edit]
user@switch# set protocols
dot1x authenticator interface interface-name no-mac-table-binding;