29-25
Software Configuration Guide—Release 12.2(25)SG
OL-7659-03
Chapter29 Understanding and Conf iguring 802.1X Port-Based Authentication
How to Configure 802.1X
To disable periodic reauthentication, use the no dot1x re-authentication interface configuration
command. To return to the default number of seconds between reauthentication attempts, use the no
dot1x timeout reauth-period global configuration command.
This example shows how to enable periodic reauthentication and set t he number of seconds between
reauthentication attempts to 4000:
Switch(config)# dot1x timeout reauth-period 4000
Switch(config)# dot1x re-authentication
Manually Reauthenticating a Client Connected to a Port
You can manually reauthenticate a client connected to a specific port at any time by entering the dot1x
re-authenticate interface interface-id privileged EXEC command. If you want to enable or disable
periodic reauthentication, see the “Enabling Periodic Reaut hentication” section on page 29-24.
This example shows how to manually reauthenticate the client connect ed to Fast Ethernet port 1/1:
Switch# dot1x re-authenticate interface fastethernet1/1
Starting reauthentication on FastEthernet1/1
Changing the Quiet Period
When the switch cannot authenticate the client, the switch remains idle for a set period of time, and then
tries again. The idle time is determined by the quiet-period value. A failed authentication of the client
might occur because the client provided an invalid password. You can provide a faster response time to
the user by entering a number smaller than the default.
To change the quiet period, perform this task:
Step3 Switch(config-if)# dot1x
re-authentication
Enables periodic reauthentication of the client, which is disabled by
default.
Step4 Switch(config)# dot1x timeout
reauth-period {
seconds
|
server}
Specifies the number of seconds between reauthentication attempts or
have the switch use a RADIUS-provided session timeout.
The range is 1 to 65,535; the default is 3600 seconds.
This command affects the behavior of the switch only if periodic
reauthentication is enabled.
Step5 Switch(config)# end Returns to privileged EXEC mode.
Step6 Switch# show dot1x all Verifies your entries.
Step7 Switch(config)# copy running-config
startup-config
(Optional) Saves your entries in the configuration file.
Command Purpose
Command Purpose
Step1 Switch# configure terminal Enters global configuration mode.
Step2 Switch(config)# interface
interface-id
Enters interface configuration mode and specifies the interface to be
enabled for timeout quiet-period.