Chapter 10
Configuring IEEE 802.1x Port-Based Authentication
Manually Re-Authenticating a Client Connected to a Port
You can manually re-authenticate the client connected to a specific port at any time by entering the dot1x
re-authenticate interface interface-id privileged EXEC command. This step is optional. If you want to
enable or disable periodic re-authentication, see the
on page
This example shows how to manually re-authenticate the client connected to a port:
Switch# dot1x re-authenticate interface gigabitethernet2/0/1
Changing the Quiet Period
When the switch cannot authenticate the client, the switch remains idle for a set period of time and then
tries again. The authentication timer inactivity interface configuration command controls the idle
period. A failed client authentication might occur because the client provided an invalid password. You
can provide a faster response time to the user by entering a number smaller than the default.
Beginning in privileged EXEC mode, follow these steps to change the quiet period. This procedure is
optional.
Command
Step 1
configure terminal
Step 2
interface interface-id
Step 3
authentication timer inactivity seconds Set the number of seconds that the switch remains in the quiet state after
Step 4
end
Step 5
show authentication interface
interface-id
Step 6
copy running-config startup-config
To return to the default quiet time, use the no authentication timer inactivity interface configuration
command.
This example shows how to set the quiet time on the switch to 30 seconds:
Switch(config-if)# authentication timer inactivity 30
Changing the Switch-to-Client Retransmission Time
The client responds to the EAP-request/identity frame from the switch with an EAP-response/identity
frame. If the switch does not receive this response, it waits a set period of time (known as the
retransmission time) and then resends the frame.
Note
You should change the default value of this command only to adjust for unusual circumstances such as
unreliable links or specific behavioral problems with certain clients and authentication servers.
OL-26520-01
10-48.
Purpose
Enter global configuration mode.
Specify the port to be configured, and enter interface configuration mode.
a failed authentication exchange with the client.
The range is 1 to 65535 seconds; the default is 60.
Return to privileged EXEC mode.
Verify your entries.
(Optional) Save your entries in the configuration file.
Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE
Configuring 802.1x Authentication
"Configuring Periodic Re-Authentication" section
10-49