13-39
Cisco IE 2000 Switch Software Configuration Guide
OL-25866-01
Chapter 13 Configuring IEEE 802.1x Port-Based Authentication
How to Configure IEEE 802.1x Port-Based Authentication
Configuring Periodic Reauthentication
You can enable periodic 802.1x client reauthentication and specify how often it occurs. If you do not specify
a time period before enabling reauthentication, the number of seconds between attempts is 3600. Beginning
in privileged EXEC mode, follow these steps to enable periodic reauthentication of the client and to configure
the number of seconds between reauthentication attempts. This procedure is optional.
Step 5 switchport voice vlan vlan-id (Optional) Configures the voice VLAN.
Step 6 end Returns to privileged EXEC mode.
Step 7 show authentication interface
interface-id
Verifies your entries.
Step 8 copy running-config startup-config (Optional) Saves your entries in the configuration file.
Command Purpose
Command Purpose
Step 1 configure terminal Enters global configuration mode.
Step 2 interface interface-id Specifies the port to be configured, and enter interface configuration
mode.
Step 3 authentication periodic Enables periodic reauthentication of the client, which is disabled by
default.
Note The default value is 3600 seconds. To change the value of the
reauthentication timer or to have the switch use a
RADIUS-provided session timeout, enter the authentication
timer reauthenticate command.
Step 4 authentication timer {{[inactivity |
reauthenticate]} {restart value}}
Sets the number of seconds between reauthentication at tempts.
inactivity—Interval in seconds after which if there is no activity from
the client then it is unauthorized
reauthenticate—Time in seconds after which an automatic
reauthentication attempt is be initiated.
restart value—Interval in seconds after which an attempt is made to
authenticate an unauthorized port.
This command affects the behavior of the switch only if periodic
reauthentication is enabled.
Step 5 authentication timer reauthenticate
seconds
Sets the number of seconds that the switch waits for a respon se to an
EAP-request/identity frame from the client before resending the request.
The range is 1 to 65535 seconds; the default is 5.
Note You should change the default value of this command only to
adjust for unusual circumstances such as unreliable links or
specific behavioral problems with certain clients and
authentication servers.
Step 6 end Returns to privileged EXEC mode.