802.1X Configuration Guidelines - Cisco 2950 - Catalyst Switch Configuration Manual
Software configuration guide
Hide thumbs
Also See for 2950 - Catalyst Switch:
- Command reference manual (686 pages) ,
- Software configuration manual (674 pages) ,
- Software manual (376 pages)
Table of Contents
Advertisement
Configuring 802.1x Authentication
Table 10-1 Default 802.1x Configuration (continued)
Feature
Quiet period
Retransmission time
Maximum retransmission number
Host mode
Guest VLAN
Client timeout period
Authentication server timeout period
802.1x Configuration Guidelines
These are the 802.1x authentication configuration guidelines:
•
•
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
10-10
When 802.1x is enabled, ports are authenticated before any other Layer 2 features are enabled.
The 802.1x protocol is supported on Layer 2 static-access ports and voice VLAN ports, but it is not
supported on these port types:
Trunk port—If you try to enable 802.1x on a trunk port, an error message appears, and 802.1x
–
is not enabled. If you try to change the mode of an 802.1x-enabled port to trunk, the port mode
is not changed.
Dynamic ports—A port in dynamic mode can negotiate with its neighbor to become a trunk
–
port. If you try to enable 802.1x on a dynamic port, an error message appears, and 802.1x is not
enabled. If you try to change the mode of an 802.1x-enabled port to dynamic, the port mode is
not changed.
–
Dynamic-access ports—If you try to enable 802.1x on a dynamic-access (VLAN Query
Protocol [VQP]) port, an error message appears, and 802.1x is not enabled. If you try to change
an 802.1x-enabled port to dynamic VLAN assignment, an error message appears, and the
VLAN configuration is not changed.
EtherChannel ports—Do not configure a port that is an active or a not-yet-active member of an
–
EtherChannel as an 802.1x port. If you try to enable 802.1x on an EtherChannel port, an error
message appears, and 802.1x is not enabled.
Chapter 10
Configuring 802.1x Port-Based Authentication
Default Setting
60 seconds (number of seconds that the switch remains in
the quiet state following a failed authentication exchange
with the client).
30 seconds (number of seconds that the switch should
wait for a response to an EAP request/identity frame
from the client before resending the request).
2 times (number of times that the switch will send an
EAP-request/identity frame before restarting the
authentication process).
Single-host mode.
None specified.
30 seconds (when relaying a request from the
authentication server to the client, the amount of time the
switch waits for a response before resending the request
to the client.
30 seconds (when relaying a response from the client to
the authentication server, the amount of time the switch
waits for a reply before resending the response to the
server. This setting is not configurable.)
78-11380-10
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
