Configuring 802.1x Authentication
This example shows how to enable MDA and to allow both a host and a voice device on the port:
Switch(config)# interface gigabitethernet3/0/1
Switch(config-if)# authentication port-control auto
Switch(config-if)# authentication host-mode multi-domain
Switch(config-if)# switchport voice vlan 101
Switch(config-if)# end
Configuring Periodic Re-Authentication
You can enable periodic 802.1x client re-authentication and specify how often it occurs. If you do not
specify a time period before enabling re-authentication, the number of seconds between attempts is
3600.
Beginning in privileged EXEC mode, follow these steps to enable periodic re-authentication of the client
and to configure the number of seconds between re-authentication attempts. This procedure is optional.
Command
Step 1
configure terminal
Step 2
interface interface-id
Step 3
authentication periodic
Step 4
authentication timer {{[inactivity |
reauthenticate]} {restart value}}
Step 5
end
Step 6
show authentication interface
interface-id
Step 7
copy running-config startup-config
To disable periodic re-authentication, use the no authentication periodic interface configuration
command. To return to the default number of seconds between re-authentication attempts, use the no
authentication timer interface configuration command.
Catalyst 3750-X and 3560-X Switch Software Configuration Guide
1-48
Chapter 1
Purpose
Enter global configuration mode.
Specify the port to be configured, and enter interface configuration mode.
Enable periodic re-authentication of the client, which is disabled by
default.
The default value is 3600 seconds. To change the value of the
Note
reauthentication timer or to have the switch use a
RADIUS-provided session timeout, enter the authentication
timer reauthenticate command.
Set the number of seconds between re-authentication attempts.
The authentication timer keywords have these meanings:
inactivity—Interval in seconds after which if there is no activity from
•
the client then it is unauthorized
reauthenticate—Time in seconds after which an automatic
•
re-authentication attempt is initiated
restart value—Interval in seconds after which an attempt is made to
•
authenticate an unauthorized port
This command affects the behavior of the switch only if periodic
re-authentication is enabled.
Return to privileged EXEC mode.
Verify your entries.
(Optional) Save your entries in the configuration file.
Configuring IEEE 802.1x Port-Based Authentication
OL-25303-03