Cisco Systems 2940 Enabling Periodic Re-Authentication

8-11

Catalyst 2940 Switch Software Configuration Guide

78-15507-02

Chapter8 Configuring 802.1X Port-B as ed Authentication Configuring 802.1X Authentication

To delete the specified RADIUS server, use the no radius-server host {hostname | ip-address} global

configuration command.

This example shows how to specify the server with IP address 172.20.39.46 as the R ADI US server, to

use port 1612 as the authorization port, and to set the encr yption key to rad123, matching the key on the

RADIUS server:

Switch(config)# radius-server host 172.l20.39.46 auth-port 1612 key rad123

You can globally configure the timeout, retransmission, and encryption key values for all RADIUS

servers by using the radius-server host global configuration command. If you want to configure these

options on a per-server basis, use the radius-server timeout, radius-server retransmit, and the

radius-server key global configuration commands. For more information, see the “Configuring Settings

for All RADIUS Servers” section on page7-28.

You also need to configure some settings on the RADIUS server. These settings include the IP address

of the switch and the key string to be shared by both the server and the switch. For more information,

refer to the RADIUS server documentation.

Enabling Periodic Re-Authentication

You can enable periodic 802.1X client re-authentication and specify how often it occ urs . If yo u do not

specify a time period before enabling re-authentication, the number of seconds betwee n

re-authentication attempts is 3600.

Command Purpose

Step1 configure terminal Enter global configuration mode.

Step2 radius-server host {hostname |

ip-address} auth-port port-number key

string

Configure the RADIUS server parameters on the switch.

For hostname | ip-address, specify the host name or IP address of the

remote RADIUS server.

For auth-port port-number, specify the UDP destination port for

authentication requests. The default is 1812.

For key string, specify the authentication and encryption key used

between the switch and the RADIUS daemon running on the RADIUS

server. The key is a text string that must match the encryption key used on

the RADIUS server.

Note Always configure the key as the last item in the radius-server

host command syntax because leading spaces are ignored, but

spaces within and at the end of the key are used. If you u se sp aces

in the key, do not enclose the key in quotation marks unless the

quotation marks are part of the key. This key must match the

encryption used on the RADIUS daemon.

If you want to use multiple RADIUS servers, re-enter this command.

Step3 end Return to privileged EXEC mode.

Step4 show running-config Verify your entries.

Step5 copy running-config startup-config (Optional) Save your entries in the configuration file.