User Guide

25-10
Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide—Release 12.1 E
78-14099-04
Chapter 25 Configuring IEEE 802.1X Port-Based Authentication
Configuring 802.1X Port-Based Authentication
Note: You also need to configure some settings on the RADIUS server. These settings include the IP address
of the switch and the key string to be shared by both the server and the switch. For more information,
refer to the RADIUS server documentation.
This example shows how to configure the RADIUS server parameters on the switch:
Router# configure terminal
Router(config)# ip radius source-interface Vlan80
Router(config)# radius-server host 172.120.39.46
Router(config)# radius-server key rad123
Router(config)# end
Enabling Periodic Reauthentication
You can enable periodic 802.1X client reauthentication and specify how often it occurs. If you do not
specify a time period before enabling reauthentication, the number of seconds between reauthentication
attempts is 3600.
Automatic 802.1X client reauthentication is a global setting and cannot be set for clients connected to
individual ports. To manually reauthenticate the client connected to a specific port, see the “Manually
Reauthenticating the Client Connected to a Port” section on page 25-11.
To enable periodic reauthentication of the client and to configure the number of seconds between
reauthentication attempts, perform this task:

Step 1
  Command: Router(config)# interface type slot/port
  Purpose: Selects an interface to configure.
           type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet

Step 2
  Command: Router(config-if)# dot1x reauthentication
  Purpose: Enables periodic reauthentication of the client, which is disabled by default.

  Command: Router(config-if)# no dot1x reauthentication
  Purpose: Disables periodic reauthentication of the client.

Step 3
  Command: Router(config-if)# dot1x timeout re-authperiod seconds
  Purpose: Sets the number of seconds between reauthentication attempts.
           The range is 1 to 4294967295; the default is 3600 seconds.
           This command affects the behavior of the switch only if periodic reauthentication is enabled.

  Command: Router(config-if)# no dot1x timeout re-authperiod
  Purpose: Returns to the default reauthorization period.

Step 4
  Command: Router(config-if)# end
  Purpose: Returns to privileged EXEC mode.

Step 5
  Command: Router# show dot1x all
  Purpose: Verifies your entries.

This example shows how to enable periodic reauthentication and set the number of seconds between
reauthentication attempts to 4000:
Router(config-if)# dot1x reauthentication
Router(config-if)# dot1x timeout re-authperiod 4000
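The following audit script is an added example, not part of the Cisco guide. It checks a saved configuration for the case the task table warns about: a re-authperiod that has no effect because periodic reauthentication is not enabled. It assumes the two commands appear under interface stanzas as they are entered in config-if mode above; the names parse_interfaces, audit and SAMPLE_CONFIG are hypothetical, and the sample configuration is constructed.

```python
import re

DEFAULT_PERIOD = 3600      # seconds, the guide's default
MAX_PERIOD = 4294967295    # the guide's range is 1 to 4294967295

# Constructed sample in running-config style, not from a real device.
SAMPLE_CONFIG = """\
interface FastEthernet5/1
 dot1x reauthentication
 dot1x timeout re-authperiod 4000
!
interface FastEthernet5/2
 dot1x timeout re-authperiod 600
!
interface FastEthernet5/3
 dot1x reauthentication
"""

def parse_interfaces(config_text):
    """Collect the two reauthentication settings from each interface stanza."""
    stanzas, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):      # top-level line starts or ends a stanza
            m = re.match(r"interface\s+(\S+)$", line)
            current = stanzas.setdefault(m.group(1), {"enabled": False, "period": None}) if m else None
        elif current is not None:
            m = re.match(r"dot1x timeout re-authperiod\s+(\d+)$", line)
            if line == "dot1x reauthentication":
                current["enabled"] = True
            elif m:
                current["period"] = int(m.group(1))
    return stanzas

def audit(config_text):
    """Return {interface: (enabled, effective_period_or_None, finding)}."""
    report = {}
    for name, s in parse_interfaces(config_text).items():
        finding = "ok"
        if s["period"] is not None and not 1 <= s["period"] <= MAX_PERIOD:
            finding = "period out of range"
        elif not s["enabled"]:
            finding = ("period set but reauthentication disabled (no effect)"
                       if s["period"] is not None else "reauthentication disabled")
        period = None if not s["enabled"] else (DEFAULT_PERIOD if s["period"] is None else s["period"])
        report[name] = (s["enabled"], period, finding)
    return report

if __name__ == "__main__":
    print(*audit(SAMPLE_CONFIG).items(), sep="\n")
```

An interface that enables reauthentication without setting a period is reported with the 3600-second default.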