I have posted about this subject before, dot1x behavior and dot1x behavior 2. My problem is max-req and max-rerauth-req. The definition of each provided do not appear to match the definition in this Cisco doc "http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.2_25_see/configuration/guide/sw8021x.html#wp1025468" Specifically, sections "setting the switch to client retransmission number" and " setting the reauthentication number" the document states max-req is the number of EAP request identity frames that are sent to authenticate the client before restarting the authentication process. The prior answer provided appears to be in conflict with the documentation, can someone provide some insight as what these parameters are?
This is the timer for EAPOL-Identity-Request frames (only). So, if you plug in a device incapable of 802.1X, 3 EAPOL-Id-Req frames will go out on the wire before the state machine resets. Alternatively, if you have the Guest-VLAN configured, 3 will go out on the wire before the port is enabled. This parameter has a default value of 2.
This value affects the number of times EAPOL DATA packets are re-transmitted (if lost, or not replied to). For example, if you have a supplicant in the middle of authenticating and it has a problem, the authenticator will re-transmit requests for data 3 times before giving up on the authentication request.
Both of these timers indicate responsibility of the authenticator to retransmit frames if that warrant a response by a supplicant and have gone unanswered.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :