802.1X - configuring authentication attempts

prasannap
Level 1

Can you configure multiple attempts (more than the default=3) with 802.1X & RADIUS (Cisco ACS 4.0) in a wired environment?

4 Replies

suguilian
Level 1

You can use "dot1x max-req" under the interface to control how many times the supplicant can try to communicate with the RADIUS server.

Actually, max-req represents the maximum number of retries a switch attempts (if it needs to) for EAP-Request frames of types other than EAP-Identity-Request.

Or in other words, say a supplicant disappears (or goes bonkers) in the middle of an authentication attempt. The switch would re-transmit an EAP-Data-Request frame it did not get a response to twice (if you assume max-req = 3) before giving up on the auth attempt completely.

So apologies for being too literal, but what do you mean by "configure multiple attempts"?

Thanks,

My customer wants the user to be able to have a greater number of attempts to provide the username & password in the event of the user providing wrong information. At the moment the switch provides 3 attempts. I have configured max-req = 5 but still it provides only 3 attempts in total. Is there something I am missing?

What supplicant are you using? I have been doing some testing using the Windows built-in supplicant (Windows 2000) and have found that Windows seems to suppress subsequent authentication attempts after the 3rd failure. Debugging shows the switch still sending the EAPOL frames to the client but the client just ignores them. You can manually restart the 'Wireless Configuration Service' on the client and the logon dialogue box appears again, either that or unplug the Ethernet cable and re-connect it.

It may be something that can be increased on the client through a registry setting but I haven't found anything yet.

HTH

Andy