9-25
Catalyst 2928 Switch Software Configuration Guide
OL-23389-01
Chapter 9 Configuring IEEE 802.1x Port-Based Authentication
Configuring IEEE 802.1x Authentication
Changing the Quiet Period
When the switch cannot authenticate the client, the switch remains idle for a set period of time and then
tries again. The
dot1x timeout quiet-period
interface configuration command controls the idle period.
A failed authentication of the client might occur because the client provided an invalid password. You
can provide a faster response time to the user by entering a number smaller than the default.
Beginning in privileged EXEC mode, follow these steps to change the quiet period. This procedure is
optional.
To return to the default quiet time, use the
no
dot1x timeout quiet-period
interface configuration
command.
This example shows how to set the quiet time on the switch to 30 seconds:
Switch(config-if)#
dot1x timeout quiet-period 30
Changing the Switch-to-Client Retransmission Time
The client responds to the EAP-request/identity frame from the switch with an EAP-response/identity
frame. If the switch does not receive this response, it waits a set period of time (known as the
retransmission time) and then resends the frame.
Note
You should change the default value of this command only to adjust for unusual circumstances such as
unreliable links or specific behavioral problems with certain clients and authentication servers.
Beginning in privileged EXEC mode, follow these steps to change the amount of time that the switch
waits for client notification. This procedure is optional.
Command
Purpose
Step 1
configure terminal
Enter global configuration mode.
Step 2
interface
interface-id
Specify the port to be configured, and enter interface configuration mode.
Step 3
dot1x timeout quiet-period
seconds
Set the number of seconds that the switch remains in the quiet state
following a failed authentication exchange with the client.
The range is 1 to 65535 seconds; the default is 60.
Step 4
end
Return to privileged EXEC mode.
Step 5
show dot1x interface
interface-id
Verify your entries.
Step 6
copy running-config startup-config
(Optional) Save your entries in the configuration file.
Command
Purpose
Step 1
configure terminal
Enter global configuration mode.
Step 2
interface
interface-id
Specify the port to be configured, and enter interface configuration mode.
Step 3
dot1x timeout tx-period
seconds
Set the number of seconds that the switch waits for a response to an
EAP-request/identity frame from the client before resending the request.
The range is 5 to 65535 seconds; the default is 5.