11-46
Catalyst 3750-X and 3560-X Switch Software Configuration Guide
OL-21521-01
Chapter 11 Configuring IEEE 802.1x Port-Based Authentication
Configuring 802.1x Authentication
To disable periodic re-authentication, use the no authentication periodic or the no dot1x
reauthentication interface configuration command. To return to the default number of seconds between
re-authentication attempts, use the no authentication timer or the no dot1x timeout reauth-period
interface configuration command.
This example shows how to enable periodic re-authentication and set the number of seconds between
re-authentication attempts to 4000:
Switch(config-if)# dot1x reauthentication
Switch(config-if)# dot1x timeout reauth-period 4000
Manually Re-Authenticating a Client Connected to a Port
You can manually re-authenticate the client connected to a specific port at any time by entering the dot1x
re-authenticate interface interface-id privileged EXEC command. This step is optional. If you want to
enable or disable periodic re-authentication, see the “Configuring Periodic Re-Authentication” section
on page 11-45.
This example shows how to manually re-authenticate the client connected to a port:
Switch# dot1x re-authenticate interface gigabitethernet2/0/1
Step 4 authentication timer {{[inactivity |
reauthenticate] [server | am]} {restart
value}}
or
dot1x timeout reauth-period {seconds |
server}
Set the number of seconds between re-authentication attempts.
The authentication timer keywords have these meanings:
inactivity—Interval in seconds after which if there is no activity from
the client then it is unauthorized
reauthenticate—Time in seconds after which an automatic
re-authentication attempt is be initiated
server am—Interval in seconds after which an attempt is made to
authenticate an unauthorized port
restart value—Interval in seconds after which an attempt is made to
authenticate an unauthorized port
The dot1x timeout reauth-period keywords have these meanings:
seconds—Sets the number of seconds from 1 to 65535; the default is
3600 seconds.
server—Sets the number of seconds based on the value of the
Session-Timeout RADIUS attribute (Attribute[27]) and the
Termination-Action RADIUS attribute (Attribute [29]).
This command affects the behavior of the switch only if periodic
re-authentication is enabled.
Step 5 end Return to privileged EXEC mode.
Step 6 show authentication interface-id
or
show dot1x interface interface-id
Verify your entries.
Step 7 copy running-config startup-config (Optional) Save your entries in the configuration file.
Command Purpose