The 802.1x authentication process is controlled by a number of configurable timers. There are two separate sets, one for the EAPOL message exchange and one for the RADIUS message exchange. Figure: 802.1x EAPOL Timers and RADIUS Timers shows an example of the timers.
EAPOL timers:
transmit-period — indicates how many seconds after sending an EAP-Request/ID frame that the 7705 SAR will listen for a supplicant to authenticate (by sending a EAP-Response/ID frame). If the timer expires before a response is received, a new EAP-Request/ID frame will be sent and the timer restarted. The default value is 30 s. The range is 1 to 3600 s.
supplicant-timeout — indicates how many seconds to allow the 7705 SAR to complete the authentication process. This timer is started at the beginning of a new authentication process (transmission of first EAP-Request/ID frame and receipt of an EAP-Response/ID frame). If the timer expires, the 802.1x authentication session is considered to have failed and the 7705 SAR waits for the quiet-period timer to expire before processing another authentication request. The default value is 30 s. The range is 1 to 300 s.
quiet-period — indicates the number of seconds that the authenticator will not search for clients after an unsuccessful EAP authentication. The timer is started after sending an EAP-Failure message or after expiry of the supplicant timeout timer. The default value is 60 s. The range is 1 to 3600 s.
RADIUS timers:
max-auth-req — indicates the maximum number of times that the authenticator will send an authentication request to the RADIUS server before the process is considered as to have failed. The default value is 2. The range is 1 to 10.
server-timeout — indicates how many seconds the authenticator will wait for a RADIUS response message. If the timer expires, the access request message is sent again, up to the max-auth-req value, and the timer is reset. The default value is 30 s. The range is 1 to 300 s.
The authenticator can also be configured to periodically trigger the authentication process automatically. This is controlled by the enable reauthentication and reauthentication period parameters. Re-auth-period indicates the time in seconds (since the last time that the authorization state was confirmed) before a new authentication process is started. The range of re-auth-period is 1 to 9000 s (the default is 3600 s). The port stays in an authorized state during the reauthentication process.