Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E
OL_28731-01
Chapter 46 Configuring 802.1X Port-Based Authentication
This example shows how to set 5 as the number of times that the switch retransmits an
EAP-request/identity request before restarting the authentication process:
Cisco IOS Release 12.2(50)SG and later
Switch# configure terminal
Switch(config)# interface fastethernet5/9
Switch(config-if)# switchport mode access
Switch(config-if)# dot1x pae authenticator
Switch(config-if)# dot1x max-reauth-req 5
Switch(config-if)# authentication port-control auto
Switch(config-if)# end
Switch#
Cisco IOS Release 12.2(46)SG or earlier
Switch# configure terminal
Switch(config)# interface fastethernet5/9
Switch(config-if)# switchport mode access
Switch(config-if)# dot1x pae authenticator
Switch(config-if)# dot1x max-reauth-req 5
Switch(config-if)# dot1x port-control auto
Switch(config-if)# end
Switch#
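An added example, not from the Cisco guide: a Python check that audits a configuration fragment for the interface commands shown above, accepting either release's port-control syntax and the 1 to 10 range the guide gives for count. The sample configuration, function names and finding strings are constructed for illustration.

```python
import re
# Constructed sample configuration fragment (not from a real device).
SAMPLE_CONFIG = """\
interface FastEthernet5/9
 switchport mode access
 dot1x pae authenticator
 dot1x max-reauth-req 5
 authentication port-control auto
interface FastEthernet5/10
 switchport mode access
 dot1x pae authenticator
 dot1x max-req 12
interface FastEthernet5/11
 switchport mode access
 dot1x pae authenticator
 dot1x port-control auto
"""
COUNT_RANGE = range(1, 11)  # valid range given in the guide: 1 to 10
# Either release's syntax for enabling 802.1X on the port is accepted.
PORT_CONTROL = {"authentication port-control auto", "dot1x port-control auto"}

def parse_interfaces(config):
    """Map each interface name to the list of commands under it."""
    blocks, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # left the interface block ("!" or a global command)
    return blocks

def audit_dot1x(config):
    """Return {interface: [findings]} for every access port."""
    report = {}
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode access" not in cmds:
            continue
        findings = [] if "dot1x pae authenticator" in cmds else ["missing dot1x pae authenticator"]
        if not PORT_CONTROL & set(cmds):
            findings.append("802.1X not enabled (no port-control auto)")
        for cmd in cmds:
            m = re.fullmatch(r"dot1x (max-req|max-reauth-req) (\d+)", cmd)
            if m and int(m.group(2)) not in COUNT_RANGE:
                findings.append(f"dot1x {m.group(1)} {m.group(2)} outside 1-10")
        report[name] = findings
    return report
```

Calling audit_dot1x(SAMPLE_CONFIG) returns an empty finding list for the two ports that carry a port-control auto command and two findings for FastEthernet5/10.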
Configuring an Authenticator and a Supplicant Switch with NEAT
Configuring NEAT requires that one switch outside a wiring closet is configured as a supplicant and is
connected to an authenticator switch.
This section includes these topics:
• Configuring Switch as an Authenticator, page 46-90
• Configuring Switch as a Supplicant, page 46-93
Step 5
Command: Switch(config-if)# dot1x max-req count
Purpose: Specifies the number of times EAPOL DATA packets are retransmitted (if lost or not replied to). For example, if you have a supplicant that is authenticating and it experiences a problem, the authenticator retransmits requests for data three times before abandoning the authentication request. The range for count is 1 to 10; the default is 2.
or
Command: Switch(config-if)# dot1x max-reauth-req count
Purpose: Specifies the timer for EAPOL-Identity-Request frames (only). If you plug in a device incapable of 802.1X, three EAPOL-Id-Req frames are sent before the state machine resets. Alternatively, if you have configured Guest-VLAN, three frames are sent before the port is enabled. This parameter has a default value of 2.
To return to the default retransmission number, use the no dot1x max-req and no dot1x max-reauth-req global configuration commands.

Step 6
Command: Switch(config-if)# authentication port-control auto
Purpose: Enables 802.1X authentication on the interface.

Step 7
Command: Switch(config-if)# end
Purpose: Returns to privileged EXEC mode.

Step 8
Command: Switch# show dot1x all
Purpose: Verifies your entries.

Step 9
Command: Switch# copy running-config startup-config
Purpose: (Optional) Saves your entries in the configuration file.