Cisco 2950G 24 Software Configuration Guide - Page 224
Enabling Periodic Re-Authentication
UPC - 746320687711
View all Cisco 2950G 24 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 224 highlights
Configuring 802.1X Authentication Chapter 8 Configuring 802.1X Port-Based Authentication This example shows how to specify the server with IP address 172.20.39.46 as the RADIUS server, to use port 1612 as the authorization port, and to set the encryption key to rad123, matching the key on the RADIUS server: Switch(config)# radius-server host 172.l20.39.46 auth-port 1612 key rad123 You can globally configure the timeout, retransmission, and encryption key values for all RADIUS servers by using the radius-server host global configuration command. If you want to configure these options on a per-server basis, use the radius-server timeout, radius-server retransmit, and the radius-server key global configuration commands. For more information, see the "Configuring Settings for All RADIUS Servers" section on page 7-29. You also need to configure some settings on the RADIUS server. These settings include the IP address of the switch and the key string to be shared by both the server and the switch. For more information, refer to the RADIUS server documentation. Enabling Periodic Re-Authentication You can enable periodic 802.1X client re-authentication and specify how often it occurs. If you do not specify a time period before enabling re-authentication, the number of seconds between re-authentication attempts is 3600. Automatic 802.1X client re-authentication is a global setting and cannot be set for clients connected to individual ports. To manually re-authenticate the client connected to a specific port, see the "Manually Re-Authenticating a Client Connected to a Port" section on page 8-11. Beginning in privileged EXEC mode, follow these steps to enable periodic re-authentication of the client and to configure the number of seconds between re-authentication attempts: Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Command configure terminal dot1x re-authentication dot1x timeout re-authperiod seconds end show dot1x copy running-config startup-config Purpose Enter global configuration mode. Enable periodic re-authentication of the client, which is disabled by default. Set the number of seconds between re-authentication attempts. The range is 1 to 4294967295; the default is 3600 seconds. This command affects the behavior of the switch only if periodic re-authentication is enabled. Return to privileged EXEC mode. Verify your entries. (Optional) Save your entries in the configuration file. To disable periodic re-authentication, use the no dot1x re-authentication global configuration command.To return to the default number of seconds between re-authentication attempts, use the no dot1x timeout re-authperiod global configuration command. This example shows how to enable periodic re-authentication and set the number of seconds between re-authentication attempts to 4000: Switch(config)# dot1x re-authentication Switch(config)# dot1x timeout re-authperiod 4000 8-10 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01