Users Guide
dot1x authentication
no shutdown
!
Dell#
To view 802.1X configuration information for an interface, use the show dot1x interface command.
In the following example, the bold lines show that 802.1X is enabled on all ports unauthorized by default.
Dell#show dot1x interface TenGigabitEthernet 2/1/
802.1x information on Te 2/1/:
-----------------------------
Dot1x Status: Enable
Port Control: AUTO
Port Auth Status: UNAUTHORIZED
Re-Authentication: Disable
Untagged VLAN id: None
Guest VLAN: Disable
Guest VLAN id: NONE
Auth-Fail VLAN: Disable
Auth-Fail VLAN id: NONE
Auth-Fail Max-Attempts: NONE
Mac-Auth-Bypass: Disable
Mac-Auth-Bypass Only: Disable
Tx Period: 30 seconds
Quiet Period: 60 seconds
ReAuth Max: 2
Supplicant Timeout: 30 seconds
Server Timeout: 30 seconds
Re-Auth Interval: 3600 seconds
Max-EAP-Req: 2
Host Mode: SINGLE_HOST
Auth PAE State: Initialize
Backend State: Initialize
Configuring Request Identity Re-Transmissions
When the authenticator sends a Request Identity frame and the supplicant does not respond, the authenticator waits for 30 seconds and
then re-transmits the frame.
The amount of time that the authenticator waits before re-transmitting and the maximum number of times that the authenticator re-
transmits can be configured.
NOTE:
There are several reasons why the supplicant might fail to respond; for example, the supplicant might have been
booting when the request arrived or there might be a physical layer problem.
To configure re-transmissions, use the following commands.
• Configure the amount of time that the authenticator waits before re-transmitting an EAP Request Identity frame.
INTERFACE mode
dot1x tx-period number
The range is from 1 to 65535 (1 year)
The default is 30.
• Configure the maximum number of times the authenticator re-transmits a Request Identity frame.
INTERFACE mode
dot1x max-eap-req number
The range is from 1 to 10.
The default is 2.
The example in Configuring a Quiet Period after a Failed Authentication shows configuration information for a port for which the
authenticator re-transmits an EAP Request Identity frame after 90 seconds and re-transmits for 10 times.
802.1X
79