X Configuration Guidelines - Cisco Catalyst 4500 Series Configuration Manual
Release ios xe 3.3.0sg and ios 15.1(1)sg
Hide thumbs
Also See for Catalyst 4500 Series:
- Software configuration manual (2086 pages) ,
- Administration manual (1814 pages) ,
- Configuration manual (1254 pages)
Table of Contents
Advertisement
Configuring 802.1X Port-Based Authentication
Table 44-1
Default 802.1X Configuration (continued)
Feature
Retransmission time
Maximum retransmission number
Multiple host support
Client timeout period
Authentication server timeout period
802.1X Configuration Guidelines
Guidelines for configuring 802.1X authentication include the following:
•
•
Enabling 802.1X Authentication
To enable 802.1X port-based authentication, you first must enable 802.1X globally on your switch, then
enable AAA and specify the authentication method list. A method list describes the sequence and
authentication methods that must be queried to authenticate a user.
The software uses the first method listed in the method list to authenticate users; if that method fails to
respond, the software selects the next authentication method in the list. This process continues until there
is successful communication with a listed authentication method or until all defined methods are
exhausted. If authentication fails at any point in this cycle, the authentication process stops, and no other
authentication methods are attempted.
Software Configuration Guide—Release IOS XE 3.3.0SG and IOS 15.1(1)SG
44-28
The 802.1X protocol is supported only on Layer 2 static access, PVLAN host ports, and Layer 3
routed ports. You cannot configure 802.1X for any other port modes.
If you are planning to use VLAN assignment, be aware that the features use general AAA
commands. For information on how to configure AAA, refer to the
Authentication" section on page
documentation at this location:
http://www.cisco.com/en/US/products/ps6586/products_ios_technology_home.html
Chapter 44
Default Setting
30 sec
Number of seconds that the switch should wait for a response to
an EAP request/identity frame from the client before
retransmitting the request.
2
Number of times that the switch sends an EAP-request/identity
frame before restarting the authentication process.
Disabled
30 sec
When relaying a request from the authentication server to the
client, the amount of time that the switch waits for a response
before retransmitting the request to the client.
30 sec
When relaying a response from the client to the authentication
server, the amount of time that the switch waits for a reply before
retransmitting the response to the server. This setting is not
configurable.
44-28. Alternatively, you can refer to the Cisco IOS security
Configuring 802.1X Port-Based Authentication
"Enabling 802.1X
OL-25340-01
- Quick Links:
- Resetting a Switch to Factory Default...
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
