• Selective enabling or disabling of dot1x on N9K-M12PQ uplink module ports is not supported for Cisco
Nexus 9300 platform switches.
• A security violation occurs when the same MAC address is learned on a different VLAN with dot1x enabled on the
interface.
• Configuring mac learn disable with dot1x enabled on a DME-enabled platform does not display the error
messages.
• In Cisco Nexus Release 9.2(1), tagged EAPOL frames are processed even though the VLAN is not
configured on the interface and the authentication is successful on the interface for the client.
• A secure MAC address learned on an orphan port is not synced on the vPC peer.
Default Settings for 802.1X
This table lists the default settings for 802.1X parameters.
Table 11: Default 802.1X Parameters
| Parameters | Default |
|---|---|
| 802.1X feature | Disabled |
| AAA 802.1X authentication method | Not configured |
| Per-interface 802.1X protocol enable state | Disabled (force-authorized). Note: The port transmits and receives normal traffic without 802.1X-based authentication of the supplicant. |
| Periodic reauthentication | Disabled |
| Number of seconds between reauthentication attempts | 3600 seconds |
| Quiet timeout period | 60 seconds (number of seconds that the Cisco NX-OS device remains in the quiet state following a failed authentication exchange with the supplicant) |
| Retransmission timeout period | 30 seconds (number of seconds that the Cisco NX-OS device should wait for a response to an EAP request/identity frame from the supplicant before retransmitting the request) |
| Maximum retransmission number | 2 times (number of times that the Cisco NX-OS device will send an EAP-request/identity frame before restarting the authentication process) |
| Host mode | Single host |
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
Configuring 802.1X