11-35
Catalyst 3750-X and 3560-X Switch Software Configuration Guide
OL-21521-01
Chapter 11 Configuring IEEE 802.1x Port-Based Authentication Configuring 802.1x Authentication
Configuring a Web Authentication Local Banner, page 11-65 (optional)
Disabling 802.1x Authentication on the Port, page 11-66 (optional)
Resetting the 802.1x Authentication Configuration to the Default Values, page 11-66 (optional)
Configuring MKA and MACsec, page 11-67 (optional)
Default 802.1x Authentication Configuration
Tab le 11-4 Default 802.1x Authentication Configuration
Feature Default Setting
Switch 802.1x enable state Disabled.
Per-port 802.1x enable state Disabled (force-authorized).
The port sends and receives normal traffic without 802.1x-based
authentication of the client.
AAA Disabled.
RADIUS server
IP address
UDP authentication port
Key
None specified.
1812.
None specified.
Host mode Single-host mode.
Control direction Bidirectional control.
Periodic re-authentication Disabled.
Number of seconds between re-authentication
attempts
3600 seconds.
Re-authentication number 2 times (number of times that the switch restarts the authentication process
before the port changes to the unauthorized state).
Quiet period 60 seconds (number of seconds that the switch remains in the quiet state
following a failed authentication exchange with the client).
Retransmission time 30 seconds (number of seconds that the switch should wait for a response to
an EAP request/identity frame from the client before resending the request).
Maximum retransmission number 2 times (number of times that the switch will send an EAP-request/identity
frame before restarting the authentication process).
Client timeout period 30 seconds (when relaying a request from the authentication server to the
client, the amount of time the switch waits for a response before resending the
request to the client.)
Authentication server timeout period 30 seconds (when relaying a response from the client to the authentication
server, the amount of time the switch waits for a reply before resending the
response to the server.)
You can change this timeout period by using the dot1x timeout
server-timeout interface configuration command.
Guest VLAN None specified.
Inaccessible authentication bypass Disabled.