Programmable Internetworking & Communication Operating System Docs ... Click Spaces -> Space Directory to see docs for all releases ...
Page tree
Skip to end of metadata
Go to start of metadata

The set protocols dot1x interface session-timeout command configures the expire timer for the authenticated session.

Command Syntax

set protocols dot1x [interface <interface-name>session-timeout <session-timeout>




interface <interface-name>

Optional. Specifies the physical interface name. The value could be ge-1/1/1, xe-1/1/2, and so on.

If no interface is specified, it represents a global configuration.

session-timeout <session-timeout>

Specifies the expire timer for the authenticated session. The value is an integer that ranges from 0 to 86400, in seconds. The default value is 3600s.

Note that, “0” indicates authenticated session will never expire.

Usage Guidelines

The authenticated session will expire after a period of session-timeout and start a new authentication process. The switch will send request packet to the AAA server or the client after the expire timer for re-authentication.

The AAA server can also issue session-timeout, which takes precedence over the local configuration on the switch. About the processing for session-timeout Attribute issued by the AAA server, see section Response to session-timeout Attribute in Principle of NAC.


  • The session timeout configuration based on an interface takes precedence over that of the global configuration.
  • Configuration changes will only affect clients who need to do DOT1X authentication later.


  • Configure the global session expire timer for the authenticated session.
admin@Xorplus# set protocols dot1x session-timeout 1800
admin@Xorplus# commit
  • No labels