Cisco Systems 2940 Setting the Switch-to-Client Frame-Retransmission Number, Configuring the Host Mode

8-14

Catalyst 2940 Switch Software Configuration Guide

78-15507-02

Chapter8 Configuring 802.1X Port-Based Authentication

Configuring 802.1X Authentication

This example shows how to set 60 as the number of seconds that the switch waits for a response to an

EAP-request/identity frame from the client before rese ndin g t h e re que st:

Switch(config-if)# dot1x timeout tx-period 60

Setting the Switch-to-Client Frame-Retransmission Number

In addition to changing the switch-to-client retransmiss io n ti m e, y ou ca n chan ge the n umb er o f tim es

that the switch sends an EAP-request/identity frame (assuming no response is received) to the client

before restarting the authentication process.

Note You should change the default value of this command only to adjust for unusual circumstances such a s

unreliable links or specific behavioral problems with certain clients an d aut h en ticati on servers .

Beginning in privileged EXEC mode, follow these steps to set the switch-to-client frame-retransmission

number. This procedure is optional.

To return to the default retransmission number, use the no dot1x max-req interface configuration

command.

This example shows how to set 5 as the number of times that the switch sends an EAP-request/identity

request before restarting the authentica tio n p r oce ss :

Switch(config-if)# dot1x max-req 5

Configuring the Host Mode

You can configure an 802.1X port for single-host or for multiple-hosts mode. In single-host mode, only

one host is allowed on an 802.1X port. When the host is authenticated, the port is placed in the authorized

state. When the host leaves the port, the port becomes unauthorized. Packets from hosts other than the

authenticated one are dropped.

You can attach multiple hosts to a single 802.1X-enabled port as shown in Figure 8-3 on page 8-5. In

this mode, only one of the attached hosts must be successfully authorized for all hosts to be granted

network access. If the port becomes unauthorized (re-authenticati on fails or an EAPOL-logoff message

is received), all attached clients are denied access to the network.

Command Purpose

Step1 configure terminal Enter global configuration mode.

Step2 interface interface-id Enter interface configuration mode, and specify the interface to be

configured.

Step3 dot1x max-req count Set the number of times that the switch sends an EAP-request/identity

frame to the client before restarting the authentication process. The range

is 1 to 10; the default is 2.

Step4 end Return to privileged EXEC mode.

Step5 show dot1x interface interface-id Verify your entries.

Step6 copy running-config startup-config (Optional) Save your entries in the configuration file.