Support User Manuals

Cisco Systems 2960 Model Vehicle User Manual

Open as PDF

of 1004

10-37

Catalyst 2960 and 2960-S Switch Software Configuration Guide

OL-8603-09

Chapter 10 Configuring IEEE 802.1x Port-Based Authentication

Configuring 802.1x Authentication

Default 802.1x Authentication Configuration

Table 10-4 shows the default 802.1x authentication configuration.

Table 10-4 Default 802.1x Authentication Configuration

Feature Default Setting

Switch 802.1x enable state Disabled.

Per-port 802.1x enable state Disabled (force-authorized).

The port sends and receives normal traffic without 802.1x-based

authentication of the client.

AAA Disabled.

RADIUS server

• IP address

• UDP authentication port

• Key

• None specified.

• 1812.

• None specified.

Host mode Single-host mode.

Control direction Bidirectional control.

Periodic re-authentication Disabled.

Number of seconds between

re-authentication attempts

3600 seconds.

Re-authentication number 2 times (number of times that the switch restarts the authentication process

before the port changes to the unauthorized state).

Quiet period 60 seconds (number of seconds that the switch remains in the quiet state

following a failed authentication exchange with the client).

Retransmission time 30 seconds (number of seconds that the switch should wait for a response to an

EAP request/identity frame from the client before resending the request).

Maximum retransmission number 2 times (number of times that the switch will send an EAP-request/identity

frame before restarting the authentication process).

Client timeout period 30 seconds (when relaying a request from the authentication server to the

client, the amount of time the switch waits for a response before resending the

request to the client.)

Authentication server timeout period 30 seconds (when relaying a response from the client to the authentication

server, the amount of time the switch waits for a reply before resending the

response to the server.)

You can change this timeout period by using the authentication timer server

or dot1x timeout server-timeout interface configuration command.

Inactivity timeout Disabled.

Guest VLAN None specified.

Inaccessible authentication bypass Disabled.

Restricted VLAN None specified.

Authenticator (switch) mode None specified.

previous next