9-27
Catalyst 2928 Switch Software Configuration Guide
OL-23389-01
Chapter 9 Configuring IEEE 802.1x Port-Based Authentication
Configuring IEEE 802.1x Authentication
Setting the Re-Authentication Number
You can also change the number of times that the switch restarts the authentication process before the
port changes to the unauthorized state.
Note
You should change the default value of this command only to adjust for unusual circumstances such as
unreliable links or specific behavioral problems with certain clients and authentication servers.
Beginning in privileged EXEC mode, follow these steps to set the re-authentication number. This
procedure is optional.
To return to the default re-authentication number, use the
no dot1x max-reauth-req
interface
configuration command.
This example shows how to set 4 as the number of times that the switch restarts the authentication
process before the port changes to the unauthorized state:
Switch(config-if)#
dot1x max-reauth-req 4
Configuring IEEE 802.1x Accounting
Enabling AAA system accounting with IEEE 802.1x accounting allows system reload events to be sent
to the accounting RADIUS server for logging. The server can then infer that all active IEEE 802.1x
sessions are closed.
Because RADIUS uses the unreliable UDP transport protocol, accounting messages might be lost due to
poor network conditions. If the switch does not receive the accounting response message from the
RADIUS server after a configurable number of retransmissions of an accounting request, this system
message appears:
Accounting message %s for session %s failed to receive Accounting Response.
When the stop message is not sent successfully, this message appears:
00:09:55: %RADIUS-4-RADIUS_DEAD: RADIUS server 172.20.246.201:1645,1646 is not responding.
Command
Purpose
Step 1
configure terminal
Enter global configuration mode.
Step 2
interface
interface-id
Specify the port to be configured, and enter interface configuration mode.
Step 3
dot1x max-reauth-req
count
Set the number of times that the switch restarts the authentication process
before the port changes to the unauthorized state. The range is 0 to 10; the
default is 2.
Step 4
end
Return to privileged EXEC mode.
Step 5
show dot1x interface
interface-id
Verify your entries.
Step 6
copy running-config startup-config
(Optional) Save your entries in the configuration file.