46-84
Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E
OL_28731-01
Chapter 46 Configuring 802.1X Port-Based Authentication
Configuring 802.1X Port-Based Authentication
This example shows how to enable periodic reauthentication and set the number of seconds between
reauthentication attempts to 4000:
Cisco IOS Release 12.2(50)SG and later
Switch# configure terminal
Switch(config)# interface fastethernet5/9
Switch(config-if)# switchport mode access
Switch(config-if)# dot1x pae authenticator
Switch(config-if)# authentication periodic
Switch(config-if)# authentication timer reauthenticate 4000
Switch(config-if)# authentication port-control auto
Switch(config-if)# end
Switch#
Cisco IOS Release 12.2(46)SG or earlier
Switch# configure terminal
Switch(config)# interface fastethernet5/9
Switch(config-if)# switchport mode access
Switch(config-if)# dot1x pae authenticator
Switch(config-if)# dot1x reauthentication
Switch(config-if)# dot1x timeout reauth-period 4000
Switch(config-if)# dot1x port-control auto
Switch(config-if)# end
Switch#
Enabling Multiple Hosts
You can attach multiple hosts (clients) to a single 802.1X-enabled port as shown in Figure 46-9 on
page 46-29. In this mode, when the port is authorized, all other hosts that are indirectly attached to the
port are granted access to the network. If the port becomes unauthorized (reauthentication fails or an
EAPOL-logoff message is received), the switch denies access to the network for all wireless access
point-attached clients.
Step 6
Cisco IOS Release 12.2(50)SG and later
Switch(config-if)# authentication
timer reauthenticate {seconds |
server}
Cisco IOS Release 12.2(46)SG or earlier
releases
Switch(config-if)# dot1x timeout
reauth-period {seconds | server}
Specifies the number of seconds between reauthentication attempts or
have the switch use a RADIUS-provided session timeout.
The range is 1 to 65,535; the default is 3600 seconds.
To return to the default number of seconds between reauthentication
attempts, use the no authentication timer reauthenticate global
configuration command (for earlier releases, use the
dot1x timeout reauth-attempts command).
This command affects the behavior of the switch only if periodic
reauthentication is enabled.
Step 7
Cisco IOS Release 12.2(50)SG and later
Switch(config-if)# authentication
port-control auto
Cisco IOS Release 12.2(46)SG or earlier
releases
Switch(config-if)# dot1x
port-control auto
Enables 802.1X authentication on the interface.
Step 8
Switch(config-if)# end
Returns to privileged EXEC mode.
Command Purpose
To Next Page
Loading...
