10-37
Catalyst 2960 and 2960-S Switch Software Configuration Guide
OL-8603-09
Chapter 10 Configuring IEEE 802.1x Port-Based Authentication
Configuring 802.1x Authentication
Default 802.1x Authentication Configuration
Table 10-4 shows the default 802.1x authentication configuration.
Table 10-4 Default 802.1x Authentication Configuration
Feature Default Setting
Switch 802.1x enable state Disabled.
Per-port 802.1x enable state Disabled (force-authorized).
The port sends and receives normal traffic without 802.1x-based
authentication of the client.
AAA Disabled.
RADIUS server
• IP address
• UDP authentication port
• Key
• None specified.
• 1812.
• None specified.
Host mode Single-host mode.
Control direction Bidirectional control.
Periodic re-authentication Disabled.
Number of seconds between
re-authentication attempts
3600 seconds.
Re-authentication number 2 times (number of times that the switch restarts the authentication process
before the port changes to the unauthorized state).
Quiet period 60 seconds (number of seconds that the switch remains in the quiet state
following a failed authentication exchange with the client).
Retransmission time 30 seconds (number of seconds that the switch should wait for a response to an
EAP request/identity frame from the client before resending the request).
Maximum retransmission number 2 times (number of times that the switch will send an EAP-request/identity
frame before restarting the authentication process).
Client timeout period 30 seconds (when relaying a request from the authentication server to the
client, the amount of time the switch waits for a response before resending the
request to the client.)
Authentication server timeout period 30 seconds (when relaying a response from the client to the authentication
server, the amount of time the switch waits for a reply before resending the
response to the server.)
You can change this timeout period by using the authentication timer server
or dot1x timeout server-timeout interface configuration command.
Inactivity timeout Disabled.
Guest VLAN None specified.
Inaccessible authentication bypass Disabled.
Restricted VLAN None specified.
Authenticator (switch) mode None specified.