Dot1x question

miloskv · ‎11-28-2005

Hi everyone. Let me explain my problem. I have one PC that is directly connected to 7940 phone, and 7940 phone is connected to port f0/24 on 3560 switch. On that port dot1x has been turned on. Switch is configured correctly to forward EAP messages to RADIUS (W2K3). PC is Windows XP with modified registry (so it is sending EAP logoff messages when user logs out). Port f0/24 is configured as dot1x multi-host

When user logs out from PC, i want to minimize time for port f0/24 to go down as soon as possible.

For now: when user logs off, port go to dot1x unauthorized state for about 60 seconds.

It is very important for me because i need to disable 7940 phone as soon as possible when user logs off (because user is going out from his/her office and phone need to be off).

Is there any tip or trick how to do this? Can anyone help or give some ideas where to look for some help?

Please write... (mail to: miloskv@gmail.com)

stomasko · ‎11-28-2005

I haven't changed this before but I believe you can find what you are looking for on this webpage: http://www.cisco.com/en/US/products/hw/switches/ps5528/products_configuration_guide_chapter09186a00801e85c4.html#1025090

My guess is you might want to try this one first dot1x timeout quiet-period seconds

Good luck.

Steve

miloskv · ‎11-29-2005

Hi Steve. I did look that document you've sent to me. I also did change quiet-time period from 60 seconds to 10 seconds, although this did not help because port still need almost exactly 60 seconds to go down after my user from his XP professional logs off.

The most important is to shutdown the phone after user logs off. If I have timeout of 60 seconds, phone may ring and call may be cutted in this 60 seconds.

Thanks for advise... if anyone else have some other ideas, please contact me.