Support User Manuals

Cisco Systems 2960 Model Vehicle User Manual

Open as PDF

of 1004

10-48

Catalyst 2960 and 2960-S Switch Software Configuration Guide

OL-8603-09

Chapter 10 Configuring IEEE 802.1x Port-Based Authentication

Configuring 802.1x Authentication

Configuring Periodic Re-Authentication

You can enable periodic 802.1x client re-authentication and specify how often it occurs. If you do not

specify a time period before enabling re-authentication, the number of seconds between attempts

is 3600.

Beginning in privileged EXEC mode, follow these steps to enable periodic re-authentication of the client

and to configure the number of seconds between re-authentication attempts. This procedure is optional.

To disable periodic re-authentication, use the no authentication periodic or the no dot1x

reauthentication interface configuration command. To return to the default number of seconds between

re-authentication attempts, use the no authentication timer or the no dot1x timeout reauth-period

interface configuration command.

Command Purpose

Step 1

configure terminal Enter global configuration mode.

Step 2

interface interface-id Specify the port to be configured, and enter interface configuration mode.

Step 3

authentication periodic

or

dot1x reauthentication

Enable periodic re-authentication of the client, which is disabled by

default.

Step 4

authentication timer {{[inactivity |

reauthenticate]} {restart value}}

or

dot1x timeout reauth-period {seconds |

server}

Set the number of seconds between re-authentication attempts.

The authentication timer keywords have these meanings:

• inactivity—Interval in seconds after which if there is no activity from

the client then it is unauthorized

• reauthenticate—Time in seconds after which an automatic

re-authentication attempt is be initiated

• restart value—Interval in seconds after which an attempt is made to

authenticate an unauthorized port

The dot1x timeout reauth-period keywords have these meanings:

• seconds—Sets the number of seconds from 1 to 65535; the default is

3600 seconds.

• server—Sets the number of seconds based on the value of the

Session-Timeout RADIUS attribute (Attribute[27]) and the

Termination-Action RADIUS attribute (Attribute [29]).

This command affects the behavior of the switch only if periodic

re-authentication is enabled.

Step 5

end Return to privileged EXEC mode.

Step 6

show authentication interface-id

or

show dot1x interface interface-id

Verify your entries.

Step 7

copy running-config startup-config (Optional) Save your entries in the configuration file.

previous next