Support User Manuals

Cisco Systems 3560-X Switch User Manual

Open as PDF

of 1438

11-35

Catalyst 3750-X and 3560-X Switch Software Configuration Guide

OL-21521-01

Chapter 11 Configuring IEEE 802.1x Port-Based Authentication

Configuring 802.1x Authentication

• Configuring a Web Authentication Local Banner, page 11-65 (optional)

• Disabling 802.1x Authentication on the Port, page 11-66 (optional)

• Resetting the 802.1x Authentication Configuration to the Default Values, page 11-66 (optional)

• Configuring MKA and MACsec, page 11-67 (optional)

Default 802.1x Authentication Configuration

Ta ble 11-4 Default 802.1x Authentication Configuration

Feature Default Setting

Switch 802.1x enable state Disabled.

Per-port 802.1x enable state Disabled (force-authorized).

The port sends and receives normal traf

fic without 802.1x-based

authentication of the client.

AAA Disabled.

RADIUS server

• IP address

• UDP authentication port

• Key

• None specified.

• 1812.

• None specified.

Host mode Single-host mode.

Control direction Bidirectional control.

Periodic re-authentication Disabled.

Number of seconds between re-authentication

attempt

s

3600 seconds.

Re-authentication number 2 times (number of times that the switch restarts the authentication process

b

efore the port changes to the unauthorized state).

Quiet period 60 seconds (number of seconds that the switch remains in the quiet state

fo

llowing a failed authentication exchange with the client).

Retransmission time 30 seconds (number of seconds that the switch should wait for a response to

an EA

P request/identity frame from the client before resending the request).

Maximum retransmission number 2 times (number of times that the switch will send an EAP-request/identity

fr

ame before restarting the authentication process).

Client timeout period 30 seconds (when relaying a request from the authentication server to the

cli

ent, the amount of time the switch waits for a response before resending the

request to the client.)

Authentication server timeout period 30 seconds (when relaying a response from the client to the authentication

serv

er, the amount of time the switch waits for a reply before resending the

response to the server.)

You can change this timeout period by using the dot

1x timeout

server-timeout interface configuration command.

Guest VLAN None specified.

Inaccessible authentication bypass Disabled.

previous next