Configuring IEEE 802.1x Authentication
Changing the Quiet Period
When the switch cannot authenticate the client, the switch remains idle for a set period of time and then
tries again. The dot1x timeout quiet-period interface configuration command controls the idle period.
A failed authentication of the client might occur because the client provided an invalid password. You
can provide a faster response time to the user by entering a number smaller than the default.
Beginning in privileged EXEC mode, follow these steps to change the quiet period. This procedure is
optional.
Command
Step 1
configure terminal
Step 2
interface interface-id
Step 3
dot1x timeout quiet-period seconds
Step 4
end
Step 5
show dot1x interface interface-id
Step 6
copy running-config startup-config
To return to the default quiet time, use the no dot1x timeout quiet-period interface configuration
command.
This example shows how to set the quiet time on the switch to 30 seconds:
Switch(config-if)# dot1x timeout quiet-period 30
Changing the Switch-to-Client Retransmission Time
The client responds to the EAP-request/identity frame from the switch with an EAP-response/identity
frame. If the switch does not receive this response, it waits a set period of time (known as the
retransmission time) and then resends the frame.
You should change the default value of this command only to adjust for unusual circumstances such as
Note
unreliable links or specific behavioral problems with certain clients and authentication servers.
Beginning in privileged EXEC mode, follow these steps to change the amount of time that the switch
waits for client notification. This procedure is optional.
Command
Step 1
configure terminal
Step 2
interface interface-id
Step 3
dot1x timeout tx-period seconds
Cisco IE 3000 Switch Software Configuration Guide
10-28
Chapter 10
Purpose
Enter global configuration mode.
Specify the port to be configured, and enter interface configuration mode.
Set the number of seconds that the switch remains in the quiet state
following a failed authentication exchange with the client.
The range is 1 to 65535 seconds; the default is 60.
Return to privileged EXEC mode.
Verify your entries.
(Optional) Save your entries in the configuration file.
Purpose
Enter global configuration mode.
Specify the port to be configured, and enter interface configuration mode.
Set the number of seconds that the switch waits for a response to an
EAP-request/identity frame from the client before resending the request.
The range is 1 to 65535 seconds; the default is 5.
Configuring IEEE 802.1x Port-Based Authentication
OL-13018-01