Configuring IEEE 802.1x Authentication
You should change the default value of this command only to adjust for unusual circumstances such as
Note
unreliable links or specific behavioral problems with certain clients and authentication servers.
Beginning in privileged EXEC mode, follow these steps to set the re-authentication number. This
procedure is optional.
Command
Step 1
configure terminal
Step 2
interface interface-id
Step 3
dot1x max-reauth-req count
Step 4
end
Step 5
show dot1x interface interface-id
Step 6
copy running-config startup-config
To return to the default re-authentication number, use the no dot1x max-reauth-req interface
configuration command.
This example shows how to set 4 as the number of times that the switch restarts the authentication
process before the port changes to the unauthorized state:
Switch(config-if)# dot1x max-reauth-req 4
Configuring IEEE 802.1x Accounting
Enabling AAA system accounting with IEEE 802.1x accounting allows system reload events to be sent
to the accounting RADIUS server for logging. The server can then infer that all active IEEE 802.1x
sessions are closed.
Because RADIUS uses the unreliable UDP transport protocol, accounting messages might be lost due to
poor network conditions. If the switch does not receive the accounting response message from the
RADIUS server after a configurable number of retransmissions of an accounting request, this system
message appears:
Accounting message %s for session %s failed to receive Accounting Response.
When the stop message is not sent successfully, this message appears:
00:09:55: %RADIUS-4-RADIUS_DEAD: RADIUS server 172.20.246.201:1645,1646 is not responding.
You must configure the RADIUS server to perform accounting tasks, such as logging start, stop, and
Note
interim-update messages and time stamps. To turn on these functions, enable logging of
"Update/Watchdog packets from this AAA client" in your RADIUS server Network Configuration tab.
Next, enable "CVS RADIUS Accounting" in your RADIUS server System Configuration tab.
Cisco IE 3000 Switch Software Configuration Guide
10-30
Chapter 10
Purpose
Enter global configuration mode.
Specify the port to be configured, and enter interface configuration mode.
Set the number of times that the switch restarts the authentication process
before the port changes to the unauthorized state. The range is 0 to 10; the
default is 2.
Return to privileged EXEC mode.
Verify your entries.
(Optional) Save your entries in the configuration file.
Configuring IEEE 802.1x Port-Based Authentication
OL-13018-01