10-49
Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE
OL-26520-01
Chapter 10 Configuring IEEE 802.1x Port-Based Authentication
Configuring 802.1x Authentication
Manually Re-Authenticating a Client Connected to a Port
You can manually re-authenticate the client connected to a specific port at any time by entering the dot1x
re-authenticate interface interface-id privileged EXEC command. This step is optional. If you want to
enable or disable periodic re-authentication, see the “Configuring Periodic Re-Authentication” section
on page 10-48.
This example shows how to manually re-authenticate the client connected to a port:
Switch# dot1x re-authenticate interface gigabitethernet2/0/1
Changing the Quiet Period
When the switch cannot authenticate the client, the switch remains idle for a set period of time and then
tries again. The authentication timer inactivity interface configuration command controls the idle
period. A failed client authentication might occur because the client provided an invalid password. You
can provide a faster response time to the user by entering a number smaller than the default.
Beginning in privileged EXEC mode, follow these steps to change the quiet period. This procedure is
optional.
To return to the default quiet time, use the no authentication timer inactivity interface configuration
command.
This example shows how to set the quiet time on the switch to 30 seconds:
Switch(config-if)# authentication timer inactivity 30
Changing the Switch-to-Client Retransmission Time
The client responds to the EAP-request/identity frame from the switch with an EAP-response/identity
frame. If the switch does not receive this response, it waits a set period of time (known as the
retransmission time) and then resends the frame.
Note You should change the default value of this command only to adjust for unusual circumstances such as
unreliable links or specific behavioral problems with certain clients and authentication servers.
Command Purpose
Step 1
configure terminal Enter global configuration mode.
Step 2
interface interface-id Specify the port to be configured, and enter interface configuration mode.
Step 3
authentication timer inactivity seconds Set the number of seconds that the switch remains in the quiet state after
a failed authentication exchange with the client.
The range is 1 to 65535 seconds; the default is 60.
Step 4
end Return to privileged EXEC mode.
Step 5
show authentication interface
interface-id
Verify your entries.
Step 6
copy running-config startup-config (Optional) Save your entries in the configuration file.
To Next Page
Loading...
Need help?
General
