Configuring 802.1X Port-Based Authentication
This example shows how to set the switch-to-authentication-server retransmission time for Layer 4
packets to 25 seconds:
Router(config-if)# dot1x timeout server-timeout 25
Setting the Switch-to-Client Frame Retransmission Number
In addition to changing the switch-to-client retransmission time, you can change the number of times
that the switch sends an EAP-request/identity frame (assuming no response is received) to the client
before restarting the authentication process.
You should change the default value of this command only to adjust for unusual circumstances such as
unreliable links or specific behavioral problems with certain clients and authentication servers.
To set the switch-to-client frame retransmission number, perform this task:
Router(config)# interface type
Router(config-if)# dot1x max-req count
Router(config-if)# no dot1x max-req
Router# show dot1x all
type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet
This example shows how to set 5 as the number of times that the switch sends an EAP-request/identity
request before restarting the authentication process:
Router(config-if)# dot1x max-req 5
Enabling Multiple Hosts
You can attach multiple hosts to a single 802.1X-enabled port as shown in
this mode, only one of the attached hosts must be successfully authorized for all hosts to be granted
network access. If the port becomes unauthorized (reauthentication fails or an EAPOL-logoff message
is received), all attached clients are denied access to the network.
Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide—Release 12.1 E
Selects an interface to configure.
Sets the number of times that the switch sends an
EAP-request/identity frame to the client before restarting
the authentication process. The range is 1 to 10; the
default is 2.
Returns to the default retransmission number.
Returns to privileged EXEC mode.
Verifies your entries.
Configuring IEEE 802.1X Port-Based Authentication
Figure 25-3 on page