10-14
Catalyst2950 and Catalyst2955 Switch Software Configuration Guide
78-11380-10
Chapter10 Configuring 802.1x Port-Based Authentication
Configuring 802.1x Authentication
This example shows how to specify the server with IP address 172.20.39.46 as the R ADI US server, to
use port 1612 as the authorization port, and to set the en cryption key to rad123, matching the key on the
RADIUS server:
Switch(config)# radius-server host 172.l20.39.46 auth-port 1612 key rad123
You can globally configure the timeout, retransmission, and encryption key values for all RADIUS
servers by using the radius-server host global configuration command. If you want to configure these
options on a per-server basis, use the radius-server timeout, radius-server retransmit, and the
radius-server key global configuration commands. For more information, see the “Configuring Settings
for All RADIUS Servers” section on page9-29.
You also need to configure some settings on the RADIUS server. These settings include the IP address
of the switch and the key string to be shared by both the server and the switch. For more information,
refer to the RADIUS server documentation.
Enabling Periodic Re-Authentication
You can enable periodic 802.1x client re-authentication and specify how often it occurs. If you do not
specify a time period before enabling re-authentication, the number of seconds betwee n
re-authentication attempts is 3600.
Beginning in privileged EXEC mode, follow these steps to enable periodic re-aut hentication of th e client
and to configure the number of seconds between re-authentication attempts. This proc ed ure is opt iona l.
To disable periodic re-authentication, use the no dot1x reauthentication interface configuration
command. To return to the default number of seconds between re-authentication attempts, use the no
dot1x timeout reauth-period global configuration command.
This example shows how to enable periodic re-authentication and set the number of seconds between
re-authentication attempts to 4000:
Switch(config-if)# dot1x reauthentication
Switch(config-if)# dot1x timeout reauth-period 4000
Command Purpose
Step1 configure terminal Enter global configuration mode.
Step2 interface interface-id Specify the interface to be configured, and enter interface configuration
mode.
Step3 dot1x reauthentication Enable periodic re-authentication of the client, whi ch i s disa bled by
default.
Step4 dot1x timeout reauth-period seconds Set the number of seconds between re-authentication attempts.
The range is 1 to 65535; the default is 3600 seconds.
This command affects the behavior of the switch only if periodic
re-authentication is enabled.
Step5 end Return to privileged EXEC mode.
Step6 show dot1x interface interface-id Verify your entries.
Step7 copy running-config startup-config (Optional) Save your entries in the configuration file.