HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
Comware Based
cancel
Showing results for 
Search instead for 
Did you mean: 

Dot1x with Guest-VLAN

 
Pete W
Valued Contributor

Dot1x with Guest-VLAN

I am building a solution where all ports in a building use 802.1x with dynamic VLANs. This is working ok.

I have a GUEST-VLAN configured for devices that do not speak 802.1x and in this case it takes about 40 seconds from the link coming up to the PC getting an IP.

 

The problem I am having is that when I PXE boot a PC - 40s is too long and the PXE boot process fails.

 

Does anybody know how to reduce the time it takes for a 5120-EI to put an interface into the guest-VLAN. I've tried reducing every timer possible that I can find, but it still seems to take about 40s.

 

# Global dot1x Config

dot1x
dot1x timer tx-period 10
dot1x timer supp-timeout 1
dot1x retry 1
dot1x timer handshake-period 5
dot1x timer reauth-period 60
dot1x authentication-method eap

 

# Sample Interface Config

interface GigabitEthernet1/0/18
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 88 untagged
port hybrid pvid vlan 88
undo voice vlan mode auto
voice vlan 50 enable
poe enable
stp edged-port enable
lldp compliance admin-status cdp txrx
dot1x re-authenticate
dot1x guest-vlan 88
undo dot1x handshake
dot1x port-method portbased
dot1x

 

Regards,

 

Pete

HPE MASE
Aruba ACMP
Fortinet NSE 1-7
Cisco CCNP
1 REPLY
Vince_Whirlwind
Trusted Contributor

Re: Dot1x with Guest-VLAN

On the interfaces themselves: stp edged-port