Configuring Radius-Provided Session Timeouts - Cisco Catalyst 4500 series Administration Manual
Hide thumbs
Also See for Catalyst 4500 series:
- Software configuration manual (2086 pages) ,
- Configuration manual (1610 pages) ,
- Command reference manual (1230 pages)
Table of Contents
Advertisement
Chapter 46
Configuring 802.1X Port-Based Authentication
Command
Step 11
Switch(config)# end
Step 12
Switch# show ip device tracking
{all | interface interface-id | ip
ip-address | mac mac-address}
Step 13
Switch# copy running-config
startup-config
The following example illustrates how to configure a switch for downloadable policy:
Switch# config terminal
Enter configuration commands, one per line.
Switch(config)# aaa new-model
Switch(config)# aaa authorization network default local
Switch(config)# ip device tracking
Switch(config)# ip access-list extended default_acl
Switch(config-ext-nacl)# permit ip any any
Switch(config-ext-nacl)# exit
Switch(config)# int fastEthernet 2/13
Switch(config-if)# ip access-group default_acl in
Switch(config-if)# exit
Configuring RADIUS-Provided Session Timeouts
You can configure the Catalyst 4500 series switch to use a RADIUS-provided reauthentication timeout.
To configure RADIUS-provided timeouts, perform this task:
Command
Step 1
Switch# configure terminal
Step 2
Switch(config)# interface
interface-id
Step 3
Switch(config-if)# switchport mode
access
Step 4
Switch(config-if)# dot1x pae
authenticator
Step 5
Cisco IOS Release 12.2(50)SG and later
Switch(config-if)# authentication
timer reauthenticate {interface
server}
Cisco IOS Release 12.2(46)SG or earlier
releases
Switch(config-if)# dot1x timeout
reauth-attempts {interface
Step 6
Switch(config-if)# end
Step 7
Switch# show dot1x interface
interface-id details
Step 8
Switch# copy running-config
startup-config
OL_28731-01
Purpose
Returns to privileged EXEC mode.
Displays information about the entries in the IP device tracking table.
(Optional) Saves your entries in the configuration file.
Purpose
Enters global configuration mode.
Enters interface configuration mode.
Specifies a nontrunking, nontagged single VLAN Layer 2 interface.
Enables 802.1X authentication on the port with default parameters.
Refer to the
"Default 802.1X Configuration" section on page
Sets the reauthentication period (seconds).
|
|
server}
Returns to privileged EXEC mode.
Verifies your entries.
(Optional) Saves your entries in the configuration file.
Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E
Configuring 802.1X Port-Based Authentication
End with CNTL/Z.
46-30.
46-55
Advertisement
Chapters
Table of Contents
Troubleshooting
