Configuring Port-Based and User-Based Access Control (802.1X)

Configuring Switch Ports To Operate As Supplicants for 802.1X Connections to Other Switches

aaa port-access supplicant [ethernet] < port-list> (Syntax Continued)

[secret]

Enter secret: < password >Repeat secret: < password >

Sets the secret password to be used by the port supplicant when an MD5 authentication request is received from an authenticator. The switch prompts you to enter the secret password after the command is invoked.

[auth-timeout < 1 - 300 >]

Sets the delay period the port waits to receive a challenge from the authenticator. If the request times out, the port sends another request, up to the number of attempts specified by the max-startparameter. (Default: 30 seconds).

[max-start < 1 - 10 >]

Defines the maximum number of times the supplicant port requests authentication. See step 1 on page 10-47for a description of how the port reacts to the authenticator response. (Default: 3).

[held-period < 0 - 65535 >]

Sets the time period the supplicant port waits after an active 802.1X session fails before trying to re- acquire the authenticator port. (Default: 60 seconds)

[start-period < 1 - 300 >]

Sets the delay between Start packet retransmissions. That is, after a supplicant sends a start packet, it waits during the start-periodfor a response. If no response comes during the start- period, the supplicant sends a new start packet. The max-startsetting (above) specifies how many start attempts are allowed in the session. (Default: 30 seconds)

aaaport-access supplicant [ethernet] < port-list> [initialize]

On the specified ports, blocks inbound and outbound traffic and restarts the 802.1X authentication process. Affects only ports configured as 802.1X supplicants.

[clear-statistics]

Clears and restarts the 802.1X supplicant statistics coun- ters.

10-50