Manually Re-Authenticating A Client Connected To A Port; Changing The Quiet Period; Configuring Periodic Re-Authentication - Cisco WS-C2960-24LC-S Software Configuration Manual

Configuring IEEE 802.1x Authentication
Beginning in privileged EXEC mode, follow these steps to enable periodic re-authentication of the client
and to configure the number of seconds between re-authentication attempts. This procedure is optional.
Command
Step 1 configure terminal
Step 2 interface interface-id
Step 3
dot1x reauthentication
Step 4 dot1x timeout reauth-period {seconds |
server}
Step 5 end
Step 6 show dot1x interface interface-id
Step 7
copy running-config startup-config
To disable periodic re-authentication, use the no dot1x reauthentication interface configuration
command. To return to the default number of seconds between re-authentication attempts, use the no
dot1x timeout reauth-period interface configuration command.
This example shows how to enable periodic re-authentication and set the number of seconds between
re-authentication attempts to 4000:
Switch(config-if)# dot1x reauthentication
Switch(config-if)# dot1x timeout reauth-period 4000

Manually Re-Authenticating a Client Connected to a Port

You can manually re-authenticate the client connected to a specific port at any time by entering the
dot1x re-authenticate interface interface-id privileged EXEC command. This step is optional. If you
want to enable or disable periodic re-authentication, see the
section on page
This example shows how to manually re-authenticate the client connected to a port:
Switch# dot1x re-authenticate interface gigabitethernet0/1

Changing the Quiet Period

When the switch cannot authenticate the client, the switch remains idle for a set period of time and then
tries again. The dot1x timeout quiet-period interface configuration command controls the idle period.
A failed authentication of the client might occur because the client provided an invalid password. You
can provide a faster response time to the user by entering a number smaller than the default.
Catalyst 2960 Switch Software Configuration Guide
9-26
Purpose
Enter global configuration mode.
Specify the port to be configured, and enter interface configuration mode.
Enable periodic re-authentication of the client, which is disabled by
default.
Set the number of seconds between re-authentication attempts.
The keywords have these meanings:
seconds—Sets the number of seconds from 1 to 65535; the default is
•
3600 seconds.
server—Sets the number of seconds based on the value of the
•
Session-Timeout RADIUS attribute (Attribute[27]) and the
Termination-Action RADIUS attribute (Attribute [29]).
This command affects the behavior of the switch only if periodic
re-authentication is enabled.
Return to privileged EXEC mode.
Verify your entries.
(Optional) Save your entries in the configuration file.
9-25.
Chapter 9 Configuring IEEE 802.1x Port-Based Authentication

"Configuring Periodic Re-Authentication"

OL-8603-04