46-83
Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E
OL_28731-01
Chapter 46 Configuring 802.1X Port-Based Authentication
Configuring 802.1X Port-Based Authentication
Cisco IOS Release 12.2(46)SG or earlier
Switch(config)# ip admission name rule1 proxy http
Switch(config)# fallback profile fallback1
Switch(config-fallback-profile)# ip access-group default-policy in
Switch(config-fallback-profile)# ip admission rule1
Switch(config-fallback-profile)# exit
Switch(config)# interface gigabit5/9
Switch(config-if)# switchport mode access
Switch(config-if)# dot1x port-control auto
Switch(config-if)# dot1x pae authenticator
Switch(config-if)# authentication order dot1x mab webauth
Switch(config-if)# dot1x mac-auth-bypass eap
Switch(config-if)# adot1x fallback fallback1
Switch(config-if)# exit
Switch(config)# ip device tracking
Switch(config)# exit
Enabling Periodic Reauthentication
You can enable periodic 802.1X client reauthentication and specify how often it occurs. If you do not
specify a time value before enabling reauthentication, the interval between reauthentication attempts is
3600 seconds.
Automatic 802.1X client reauthentication is a per-interface setting and can be set for clients connected
to individual ports. To manually reauthenticate the client connected to a specific port, see the “Changing
the Quiet Period” section on page 46-86.
To enable periodic reauthentication of the client and to configure the number of seconds between
reauthentication attempts, perform this task:
Command Purpose
Step 1
Switch# configure terminal
Enters global configuration mode.
Step 2
Switch(config)# interface
interface-id
Enters interface configuration mode and specifies the interface to be
enabled for periodic reauthentication.
Step 3
Switch(config-if)# switchport mode
access
Specifies a nontrunking, nontagged single VLAN Layer 2 interface.
Step 4
Switch(config-if)# dot1x pae
authenticator
Enables 802.1X authentication on the port with default parameters.
Refer to the “Default 802.1X Configuration” section on page 46-30.
Step 5
Cisco IOS Release 12.2(50)SG and later
Switch(config-if)# authentication
periodic
Cisco IOS Release 12.2(46)SG or earlier
releases
Switch(config-if)# dot1x
reauthentication
Enables periodic reauthentication of the client, which is disabled by
default.
To disable periodic reauthentication, use the no authentication periodic
interface configuration command (for earlier releases, use the
no dot1x reauthentication interface configuration command).
To Next Page
Loading...
