Catalyst 6500 Series Switch Command Reference—Release 8.4
OL-6244-01
Chapter 2 Catalyst 6500 Series Switch and ROM Monitor Commands
set dot1x
To activate the shutdown-timeout timer on a port, enter the set port dot1x mod/port shutdown-timeout
command.
To configure the 802.1X user distribution feature, follow these guidelines:
• Ensure that at least one VLAN is mapped to the VLAN group.
• You can map more than one VLAN to a VLAN group.
• The VLAN group can be modified by adding or deleting a VLAN.
• When an existing VLAN is cleared from the VLAN group name, none of the ports authenticated in
  the VLAN are cleared, but the mappings are removed from the existing VLAN group.
• If you clear the last VLAN from the VLAN group name, the VLAN group is deleted.
• You can clear a VLAN group, even when active VLANs are mapped to the group. When a VLAN
  group is cleared, none of the ports or users that are in the authenticated state in any VLAN within
  the group are cleared, but the VLAN mappings to the VLAN group are cleared.
If you enter the set dot1x radius-vlan-assignment disable command, the VLAN information that
is sent from the RADIUS server is ignored, and the port stays in the NVRAM-configured VLAN.
This command is used to enable or disable the VLAN assignment feature globally. When the
command is enabled, the switch uses the tunnel attributes to extract the VLAN name in the RADIUS
Access-Accept message. The command is enabled by default.
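The following added example (not part of the Cisco reference and not the switch's own code) shows how a VLAN name is carried in the tunnel attributes of an Access-Accept, which is useful when checking what a RADIUS server actually returns. It assumes the RFC 2868 / RFC 3580 encoding (Tunnel-Type 64 = VLAN, Tunnel-Medium-Type 65 = IEEE 802, Tunnel-Private-Group-ID 81); the function names and the sample packet are constructed for illustration.

```python
import struct

ACCESS_ACCEPT = 2
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TYPE_VLAN, MEDIUM_IEEE_802 = 13, 6  # assumed per RFC 2868 / RFC 3580

def parse_attributes(packet: bytes):
    """Yield (type, value) pairs from a RADIUS packet (RFC 2865 layout)."""
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    pos = 20  # skip code, identifier, length and 16-byte authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("bad attribute length")
        yield attr_type, packet[pos + 2:pos + attr_len]
        pos += attr_len

def vlan_from_access_accept(packet: bytes):
    """Return the VLAN name string, or None if the tunnel triple is incomplete."""
    if len(packet) < 20 or packet[0] != ACCESS_ACCEPT:
        return None
    tunnel_type = medium = group = None
    for attr_type, value in parse_attributes(packet):
        if attr_type in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE) and len(value) == 4:
            number = int.from_bytes(value[1:], "big")  # value[0] is the tag
            if attr_type == TUNNEL_TYPE:
                tunnel_type = number
            else:
                medium = number
        elif attr_type == TUNNEL_PRIVATE_GROUP_ID and value:
            # A leading byte up to 0x1F is treated as a tag, not as text.
            text = value[1:] if value[0] <= 0x1F else value
            group = text.decode("ascii", "replace")
    complete = tunnel_type == TYPE_VLAN and medium == MEDIUM_IEEE_802
    return group if complete else None

def build_packet(code, attrs):
    """Constructed sample packet with a zeroed authenticator (illustration only)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, 1, 20 + len(body)) + bytes(16) + body

SAMPLE = build_packet(ACCESS_ACCEPT, [(TUNNEL_TYPE, b"\x00\x00\x00\x0d"),
    (TUNNEL_MEDIUM_TYPE, b"\x00\x00\x00\x06"), (TUNNEL_PRIVATE_GROUP_ID, b"engineering")])
if __name__ == "__main__":
    print(vlan_from_access_accept(SAMPLE))
```

An Access-Accept that lacks any of the three attributes yields no VLAN name here, so a port would be expected to remain in its configured VLAN, the same outcome as when VLAN assignment is disabled.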
To check whether or not configured RADIUS servers are alive, the switch can send out a dummy
username for authentication. In reply to the dummy username, the RADIUS servers send an access
rejection. To turn off authentication attempts that test the RADIUS servers, enter the
set dot1x radius-keepalive disable command. If you disable this feature, the switch does not check the
status of the servers, and the RADIUS server logs do not fill with dummy attempts.
Note: In software releases 7.5 through 8.2, the command to enable or disable the RADIUS keepalive
feature is set feature dot1x-radius-keepalive. In software release 8.3 and later releases, the
command is set dot1x radius-keepalive.
Examples
This example shows how to set the system authentication control:
Console> (enable) set dot1x system-auth-control enable
dot1x authorization enabled.
Console> (enable)
This example shows how to set the idle time between authentication attempts:
Console> (enable) set dot1x quiet-period 45
dot1x quiet-period set to 45 seconds.
Console> (enable)
This example shows how to set the retransmission time:
Console> (enable) set dot1x tx-period 15
dot1x tx-period set to 15 seconds.
Console> (enable)
This example shows you how to specify the reauthentication time:
Console> (enable) set dot1x re-authperiod 7200
dot1x re-authperiod set to 7200 seconds
Console> (enable)