10-52
Catalyst 2960 and 2960-S Switch Software Configuration Guide
OL-8603-09
Chapter 10 Configuring IEEE 802.1x Port-Based Authentication
Configuring 802.1x Authentication
To return to the default re-authentication number, use the no dot1x max-reauth-req interface
configuration command.
This example shows how to set 4 as the number of times that the switch restarts the authentication
process before the port changes to the unauthorized state:
Switch(config-if)# dot1x max-reauth-req 4
Enabling MAC Move
MAC move allows an authenticated host to move from one port on the switch to another.
Beginning in privileged EXEC mode, follow these steps to globally enable MAC move on the switch.
This procedure is optional.
This example shows how to globally enable MAC move on a switch:
Switch(config)# authentication mac-move permit
Enabling MAC Replace
Note To enable MAC replace, the switch must be running the LAN base image.
MAC replace allows a host to replace an authenticated host on a port.
Beginning in privileged EXEC mode, follow these steps to enable MAC replace on an interface. This
procedure is optional.
Step 5
show authentication interface
interface-id
or
show dot1x interface interface-id
Verify your entries.
Step 6
copy running-config startup-config (Optional) Save your entries in the configuration file.
Command Purpose
Command Purpose
Step 1
configure terminal Enter global configuration mode.
Step 2
authentication mac-move permit Enable MAC move on the switch.
Step 3
end Return to privileged EXEC mode.
Step 4
show running-config (Optional) Verify your entries.
Step 5
copy running-config startup-config (Optional) Save your entries in the configuration file.
Command Purpose
Step 1
configure terminal Enter global configuration mode.
Step 2
interface interface-id Specify the port to be configured, and enter interface configuration mode.