10-49
Catalyst 2960 and 2960-S Switch Software Configuration Guide
OL-8603-09
Chapter 10 Configuring IEEE 802.1x Port-Based Authentication
Configuring 802.1x Authentication
This example shows how to enable periodic re-authentication and set the number of seconds between
re-authentication attempts to 4000:
Switch(config-if)# dot1x reauthentication
Switch(config-if)# dot1x timeout reauth-period 4000
Manually Re-Authenticating a Client Connected to a Port
You can manually re-authenticate the client connected to a specific port at any time by entering the dot1x
re-authenticate interface interface-id privileged EXEC command. This step is optional. If you want to
enable or disable periodic re-authentication, see the “Configuring Periodic Re-Authentic ation” section
on page 10-48.
This example shows how to manually re-authenticate the client conne cted to a port:
Switch# dot1x re-authenticate interface gigabitethernet2/0/1
Switch# dot1x re-authenticate interface gigabitethernet0/1
Changing the Quiet Period
When the switch cannot authenticate the client, the switch remains idle for a set period of time and then
tries again. The dot1x timeout quiet-period interface configuration command controls the idle period.
A failed client authentication might occur because the client provided an invalid password. You can
provide a faster response time to the user by entering a number smaller than the default.
Beginning in privileged EXEC mode, follow these steps to change the quiet per iod. This procedure is
optional.
To return to the default quiet time, use the no dot1x timeout quiet-period interface configuration
command.
This example shows how to set the quiet time on the switch to 30 seconds:
Switch(config-if)# dot1x timeout quiet-period 30
Command Purpose
Step 1 configure terminal Enter global configuration mode.
Step 2 interface interface-id Specify the port to be configured, and enter interface configuration mode.
Step 3 dot1x timeout quiet-period seconds Set the number of seconds that the switch remains in the quiet state after
a failed authentication exchange with the client.
The range is 1 to 65535 seconds; the default is 60.
Step 4 end Return to privileged EXEC mode.
Step 5 show authentication interface-id
or
show dot1x interface interface-id
Verify your entries.
Step 6 copy running-config startup-config (Optional) Save your entries in the configuration file.