Cisco Systems WSC4500X16SFP Manual De Usuario
29-27
Software Configuration Guide—Release 12.2(25)SG
OL-7659-03
Chapter 29 Understanding and Configuring 802.1X Port-Based Authentication
How to Configure 802.1X
Setting the Switch-to-Client Frame-Retransmission Number
In addition to changing the switch-to-client retransmission times, you can change the number of times
that the switch sends EAP-Request/Identity and other EAP-Request frames to the client before restarting
the authentication process. The number of EAP-Request/Identity retransmissions is controlled by the
dot1x max-reauth-req command; the number of retransmissions for other EAP-Request frames is
controlled by the dot1x max-req command.
that the switch sends EAP-Request/Identity and other EAP-Request frames to the client before restarting
the authentication process. The number of EAP-Request/Identity retransmissions is controlled by the
dot1x max-reauth-req command; the number of retransmissions for other EAP-Request frames is
controlled by the dot1x max-req command.
Note
You should change the default values of these commands only to adjust for unusual circumstances such
as unreliable links or specific behavioral problems with certain clients and authentication servers.
as unreliable links or specific behavioral problems with certain clients and authentication servers.
To set the switch-to-client frame-retransmission numbers, perform this task:
To return to the default retransmission number, use the no dot1x max-req and
no dot1x max-reauth-req global configuration command.
no dot1x max-reauth-req global configuration command.
This example shows how to set 5 as the number of times that the switch retransmits an
EAP-request/identity request before restarting the authentication process:
EAP-request/identity request before restarting the authentication process:
Switch(config)# dot1x max-reauth-req 5
Enabling Multiple Hosts
You can attach multiple hosts to a single 802.1X-enabled port as shown in
In this mode, only one of the attached hosts must be successfully authorized for all hosts to be granted
network access. If the port becomes unauthorized (reauthentication fails or an EAPOL-logoff message
is received), all attached clients are denied access to the network.
network access. If the port becomes unauthorized (reauthentication fails or an EAPOL-logoff message
is received), all attached clients are denied access to the network.
Command
Purpose
Step 1
Switch# configure terminal
Enters global configuration mode.
Step 2
Switch(config)# interface
interface-id
Enters interface configuration mode and specifies the interface to be
enabled for max-reauth-req and/or max-req.
enabled for max-reauth-req and/or max-req.
Step 3
Switch(config-if)# dot1x max-req
count
or
Switch(config-if)# dot1x max-req
count
Specifies the number of times that the switch retransmits an EAP-request
frame of a type other than EAP-request/identity to the client before
restarting the authentication process.
frame of a type other than EAP-request/identity to the client before
restarting the authentication process.
Specifies the number of times that the switch retransmits an
EAP-request/identity frame to the client before restarting the
authentication process.
EAP-request/identity frame to the client before restarting the
authentication process.
The range for count is 1 to 10; the default is 2.
Step 4
Switch(config)# end
Returns to privileged EXEC mode.
Step 5
Switch# show dot1x all
Verifies your entries.
Step 6
Switch# copy running-config
startup-config
(Optional) Saves your entries in the configuration file.