33
Configuring 802.1x port security
force-unauthorized – The controlled port is placed unconditionally in the unauthorized state.
auto – The controlled port is unauthorized until authentication takes place between the Client and
Authentication Server. Once the Client passes authentication, the port becomes authorized. This
has the effect of activating authentication on an 802.1x-enabled interface.
NOTES:
enabled:
Configuring periodic re-authentication
You can configure the device to periodically re-authenticate Clients connected to 802.1x-enabled
interfaces. When you enable periodic re-authentication, the device re-authenticates Clients every
3,600 seconds by default. You can optionally specify a different re-authentication interval of
between 1 – 4294967295 seconds.
To configure periodic re-authentication using the default interval of 3,600 seconds, enter the
following command.
BigIron RX(config)#dot1x-enable
BigIron RX(config-dot1x)# re-authentication
Syntax: [no] re-authentication
To configure periodic re-authentication with an interval of 2,000 seconds, enter the following
commands.
BigIron RX(config)#dot1x-enable
BigIron RX(config-dot1x)# re-authentication
BigIron RX(config-dot1x)# timeout re-authperiod 2000
Syntax: [no] timeout re-authperiod <seconds>
The re-authentication interval is a global setting, applicable to all 802.1x-enabled interfaces. If you
want to re-authenticate Clients connected to a specific port manually, use the dot1x
re-authenticate command. See
Re-authenticating a port manually
When periodic re-authentication is enabled, by default the BigIron RX re-authenticates Clients
connected to an 802.1x-enabled interface every 3,600 seconds (or the time specified by the dot1x
timeout re-authperiod command). You can also manually re-authenticate Clients connected to a
specific port.
978
You cannot enable 802.1x port security on ports that have any of the following features
•
10 Gbps ports
•
Static MAC configurations
•
Link aggregation
•
Metro Ring Protocol (MRP)
•
Tagged port
•
Mirror port
•
Trunk port
•
MAC port security
•
Management Port
•
VE members
"Re-authenticating a port
manually", below.
BigIron RX Series Configuration Guide
53-1002253-01