Cisco Systems 3560 사용자 설명서

This example shows how to configure NAC Layer 2 802.1x validation:

Switch# configure terminal

Switch(config)# interface gigabitethernet0/1

Switch(config-if)# dot1x reauthentication

Switch(config-if)# dot1x timeout reauth-period server

Configuring this feature requires that one switch (outside a wiring closet) is configured as supplicant and 
is connected to an authenticator switch.

You cannot enable MDA or multiauth mode on the authenticator switch interface that connects 
to one more supplicant switches.

For overview information, see the 

.

The cisco-av-pairs must be configured as device-traffic-class=switch on the ACS, which sets the 
interface as a trunk after the supplicant is successfuly authenticated. 

Beginning in privileged EXEC mode, follow these steps to configure a switch as an authenticator:

dot1x timeout reauth-period {seconds | 
server}

Set the number of seconds between re-authentication attempts.

The keywords have these meanings:

seconds—Sets the number of seconds from 1 to 65535; the default is 
3600 seconds.

server—Sets the number of seconds based on the value of the 
Session-Timeout RADIUS attribute (Attribute[27]) and the 
Termination-Action RADIUS attribute (Attribute [29]).

This command affects the behavior of the switch only if periodic 
re-authentication is enabled.

Return to privileged EXEC mode.

show authentication interface 
interface-id

or 

show dot1x interface interface-id

Verify your 802.1x authentication configuration.

(Optional) Save your entries in the configuration file.

Enter global configuration mode.

Enable CISP.