Configuring Periodic Re-Authentication - Cisco ME 3400G-2CS - Ethernet Access Switch Software Configuration Manual

Chapter 8 Configuring IEEE 802.1x Port-Based Authentication
Command
Step 4 show running-config
Step 5
copy running-config startup-config
To delete the specified RADIUS server, use the no radius-server host {hostname | ip-address} global
configuration command.
This example shows how to specify the server with IP address 172.20.39.46 as the RADIUS server, to
use port 1612 as the authorization port, and to set the encryption key to rad123, matching the key on the
RADIUS server:
Switch(config)# radius-server host 172.l20.39.46 auth-port 1612 key rad123
You can globally configure the timeout, retransmission, and encryption key values for all RADIUS
servers by using the radius-server host global configuration command. If you want to configure these
options on a per-server basis, use the radius-server timeout, radius-server retransmit, and the
radius-server key global configuration commands. For more information, see the
for All RADIUS Servers" section on page
You also need to configure some settings on the RADIUS server. These settings include the IP address
of the switch and the key string to be shared by both the server and the switch. For more information,
see the RADIUS server documentation.

Configuring Periodic Re-Authentication

You can enable periodic IEEE 802.1x client re-authentication and specify how often it occurs. If you do
not specify a time period before enabling re-authentication, the number of seconds between
re-authentication attempts is 3600.
Beginning in privileged EXEC mode, follow these steps to enable periodic re-authentication of the client
and to configure the number of seconds between re-authentication attempts. This procedure is optional.
Command
Step 1
configure terminal
Step 2
interface interface-id
Step 3 dot1x reauthentication
Step 4
dot1x timeout reauth-period seconds
Step 5
end
Step 6 show dot1x interface interface-id
Step 7
copy running-config startup-config
To disable periodic re-authentication, use the no dot1x reauthentication interface configuration
command. To return to the default number of seconds between re-authentication attempts, use the no
dot1x timeout reauth-period interface configuration command.
78-17058-01
Purpose
Verify your entries.
(Optional) Save your entries in the configuration file.
7-29.
Purpose
Enter global configuration mode.
Specify the port to be configured, and enter interface configuration mode.
Enable periodic re-authentication of the client, which is disabled by
default.
Set the number of seconds between re-authentication attempts.
The range is 1 to 65535; the default is 3600 seconds.
This command affects the behavior of the switch only if periodic
re-authentication is enabled.
Return to privileged EXEC mode.
Verify your entries.
(Optional) Save your entries in the configuration file.
Cisco ME 3400 Ethernet Access Switch Software Configuration Guide
Configuring IEEE 802.1x Authentication
"Configuring Settings
8-13