13-40
Cisco IE 2000 Switch Software Configuration Guide
OL-25866-01
Chapter 13 Configuring IEEE 802.1x Port-Based Authentication
How to Configure IEEE 802.1x Port-Based Authentication
Configuring Optional 802.1x Authentication Features
Step 7 show authentication interface
interface-id
Verifies your entries.
Step 8 copy running-config startup-config (Optional) Save your entries in the configuration file.
Command Purpose
Step 1 dot1x reauthenticate interface
interface-id
(Optional) Manually initiates a reauthentication of the specified IEEE
802.1x-enabled port.
Step 2 authentication mac-move permit (Optional) Enables MAC move on the switch.
Step 3 authentication violation {protect |
replace | restrict | shutdown}
(Optional) replace—Enables MAC replace on the interface. The port
removes the current session and initiates authen tication with the new host.
The other keywords have these effects:
protect—Drops port packets with unexpected MAC addresses
without generating a system message.
restrictDrops violating packets by the CPU and a system message
is generated.
shutdownError-disables the port when it receives an unexpected
MAC address.
Step 1 configure terminal Enters global configuration mode.
Step 2 mab request format attribute 32 vlan
access-vlan
(Optional) Enables VLAN ID-based MAC authentication.
Step 3 interface interface-id (Optional) Specifies the port to be configured, and enters interface
configuration mode.
Step 4 authentication timer inactivity seconds (Optional) Sets the number of seconds that the switch remains in the quiet
state after a failed authentication exchange with the client.
The range is 1 to 65535 seconds; the default is 60.
Step 5 authentication timer reauthenticate
seconds
(Optional) Sets the number of seconds that the switch waits for a response
to an EAP-request/identity frame from the client before resending the
request.
The range is 1 to 65535 seconds; the default is 5.
Note You should change the default value of this command only to
adjust for unusual circumstances such as unreliable links or
specific behavioral problems with certain clients and
authentication servers.
Command Purpose