Configuring the Switch
3-44
3
The operation of 802.1X on the switch requires the following:
The switch must have an IP address assigned.
RADIUS authentication must be enabled on the switch and the IP address of the
RADIUS server specified.
802.1X must be enabled globally for the switch.
Each switch port that will be used must be set to dot1x “Auto” mode.
Each client that needs to be authenticated must have dot1x client software
installed and properly configured.
The RADIUS server and 802.1X client support EAP. (The switch only supports
EAPOL in order to pass the EAP packets from the server to the client.)
The RADIUS server and client also have to support the same EAP authentication
type – MD5, (Some clients have native support in Windows, otherwise the dot1x
client must support it.)
Displaying 802.1X Global Settings
The dot1x protocol includes global parameters that control the client authentication
process that runs between the client and the switch (i.e., authenticator), as well as
the client identity lookup process that runs between the switch and authentication
server. These parameters are described in this section.
Command Attributes
802.1X Re-authentication – Indicates if switch port requires a client to be
re-authenticated after a certain period of time.
802.1X Max Request Count – The maximum number of times the switch port will
retransmit an EAP request packet to the client before it times out the authentication
session.
Timeout For Quiet Period – Indicates the time that a switch port waits after the
Max Request Count has been exceeded before attempting to acquire a new client.
Timeout For Re-authentication Period – Indicates the time period after which a
connected client must be re-authenticated.
Timeout For Tx Period – The time period during an authentication session that
the switch waits before re-transmitting an EAP packet.
Supplicant Timeout – The time the switch waits for a client response to an EAP
request.
Server Timeout – The time the switch waits for a response from the authentication
server (RADIUS) to an authentication request.
Re-authentication Max Count – The number of times the switch will attempt to
re-authenticate a connected client before the port becomes unauthorized.