Cisco Systems DOC-7814982 Enabling Periodic Re-Authentication

8-10

Catalyst 2950 Desktop Switch Software Configuration Guide

78-14982-01

Chapter 8 Configuring 802.1X Port-Based Authentication

Configuring 802. 1X Authe n tication

This exam ple sh ows how to specify the server w it h IP add re ss 172. 20. 39.46 a s the R ADI US server, to

use port 1612 as the authorization port, and to set the encryption key to rad123, matching the k e y on the

RADIUS server:

Switch(config)# radius-server host 172.l20.39.46 auth-port 1612 key rad123

You can globally configure the timeout, retransmission, and encryption key values for all RADIUS

servers by using the radius-server host global configur ation c omma nd. If y ou want t o configu re t hese

options on a per-server basis, use the radius-server timeout, radius -server retrans mit, a nd the

radius-serv er key global configuration commands. For more information, see the “Configuring Settings

for Al l R ADI US S er vers” section on page 7-29.

You also need to configure some settings on the RADIUS server. These settings include the IP address

of the switch and the key string to be shared by both the server and the switch. For more information,

refer to the RADIUS server documentation.

Enabling Periodic Re-Authentication

You ca n en ab le per iodi c 8 02. 1X c li ent re-a uthe nti cat ion a nd spe cif y h ow often i t o cc urs . If yo u do not

specify a tim e period before ena bling re-authen ticati on, the nu mber of seconds betw een

re-authentication attempts is 3600.

Autom atic 8 02.1X clie nt re -aut hent icat ion i s a gl obal setti ng and c anno t b e set for clien ts conne cted t o

individual ports. To manually re-authenticate the client connected to a specific port, see the “Manually

Re-Authe nticat ing a Client Connected to a Port ” sect ion o n page 8-11.

Beginn ing in pri vileged EXE C mode, follo w these steps to e nable periodic re-aut hentication of th e client

and to configure the number of seconds between re-authentication attempts:

To di sable pe riodi c r e- aut hent icat ion, use th e no dot1 x re- authe nti c atio n gl ob al co nfigurat ion

comm and.To return to the d efaul t nu mbe r of se conds be tw ee n re -a uthe ntica ti on atte mp ts, u se t he no

dot1x timeout re-authperiod globa l c onfiguratio n c omma nd .

This example shows how to enable periodic re-authentication and set the number of seconds between

re-authe nticat ion atte mpts to 400 0:

Switch(config)# dot1x re-authentication

Switch(config)# dot1x timeout re-authperiod 4000

Command Purpose

Step 1 configure terminal Enter glob al co nfiguration mo de.

Step 2 dot1x re-authentication Enab le peri odic r e-au then t icat ion o f th e c lie nt, whi ch i s disa bled by

default.

Step 3 dot1x timeout re-authperiod seconds Set the nu mber of seco nds betwee n re-aut hentica tion atte mpts.

The range is 1 to 4294967 295; t he default is 3600 second s.

This comm and affects the be havior of the switch only if pe riodic

re-authe ntic ation is ena bled.

Step 4 end Return to privileged EXEC mode.

Step 5 show dot1x Verify your entries.

Step 6 copy running-config startup-config (Optional) Save your entries in the configuration file.