Cisco Catalyst 4500 Series Configuration Manual page 1052
Release ios xe 3.3.0sg and ios 15.1(1)sg
Hide thumbs
Also See for Catalyst 4500 Series:
- Software configuration manual (2086 pages) ,
- Administration manual (1814 pages) ,
- Configuration manual (1254 pages)
Table of Contents
Advertisement
Configuring 802.1X Port-Based Authentication
To set the switch-to-client frame-retransmission numbers, perform this task:
Command
Step 1
Switch# configure terminal
Step 2
Switch(config)# interface
interface-id
Step 3
Switch(config-if)# switchport mode
access
Step 4
Switch(config-if)# dot1x pae
authenticator
Step 5
Switch(config-if)# dot1x max-req
count
or
Switch(config-if)#
dot1x max-reauth-req count
Step 6
Switch(config-if)# authentication
port-control auto
Step 7
Switch(config-if)# end
Step 8
Switch# show dot1x all
Step 9
Switch# copy running-config
startup-config
This example shows how to set 5 as the number of times that the switch retransmits an
EAP-request/identity request before restarting the authentication process:
Cisco IOS Release 12.2(50)SG and later
Switch# configure terminal
Switch(config)# interface fastethernet5/9
Switch(config-if)# switchport mode access
Switch(config-if)# dot1x pae authenticator
Switch(config-if)# dot1x max-reauth-req 5
Switch(config-if)# authentication port-control auto
Switch(config-if)# end
Switch#
Software Configuration Guide—Release IOS XE 3.3.0SG and IOS 15.1(1)SG
44-84
Chapter 44
Purpose
Enters global configuration mode.
Enters interface configuration mode and specifies the interface to be
enabled for max-reauth-req and/or max-req.
Specifies a nontrunking, nontagged single VLAN Layer 2 interface.
Enables 802.1X authentication on the port with default parameters.
Refer to the
"Default 802.1X Configuration" section on page
Specifies the number of times EAPOL DATA packets are retransmitted (if
lost or not replied to). For example, if you have a supplicant that is
authenticating and it experiences a problem, the authenticator retransmits
requests for data three times before abandoning the authentication
request. The range for count is 1 to 10; the default is 2.
Specifies the timer for EAPOL-Identity-Request frames (only). If you
plug in a device incapable of 802.1X, three EAPOL-Id-Req frames are
sent before the state machine resets. Alternatively, if you have configured
Guest-VLAN, three frames are sent before the port is enabled. This
parameter has a default value of 2.
To return to the default retransmission number, use the no dot1x max-req
and no dot1x max-reauth-req global configuration command.
Enables 802.1X authentication on the interface.
Returns to privileged EXEC mode.
Verifies your entries.
(Optional) Saves your entries in the configuration file.
Configuring 802.1X Port-Based Authentication
44-27.
OL-25340-01
- Quick Links:
- Resetting a Switch to Factory Default...
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
