The set protocols dot1x interface session-timeout command configures the expire timer for the authenticated session.
set protocols dot1x [interface <interface-name>] session-timeout <session-timeout>
Optional. Specifies the physical interface name. The value could be ge-1/1/1, xe-1/1/2, and so on.
If no interface is specified, it represents a global configuration.
Specifies the expire timer for the authenticated session. The value is an integer that ranges from 0 to 86400, in seconds. The default value is 3600s.
Note that, “0” indicates authenticated session will never expire.
The authenticated session will expire after a period of session-timeout and start a new authentication process. The switch will send request packet to the AAA server or the client after the expire timer for re-authentication.
The AAA server can also issue session-timeout, which takes precedence over the local configuration on the switch. About the processing for session-timeout Attribute issued by the AAA server, see section Response to session-timeout Attribute in Principle of NAC.
- The session timeout configuration based on an interface takes precedence over that of the global configuration.
- Configuration changes will only affect clients who need to do DOT1X authentication later.
- Configure the global session expire timer for the authenticated session.