This figure shows the authentication process.
Figure 91: Authentication Flowchart
The switch re-authenticates a client when one of these situations occurs:
•
Periodic re-authentication is enabled, and the re-authentication timer expires.
You can configure the re-authentication timer to use a switch-specific value or to be based on values
from the RADIUS server.
After 802.1x authentication using a RADIUS server is configured, the switch uses timers based on the
Session-Timeout RADIUS attribute (Attribute[27]) and the Termination-Action RADIUS attribute
(Attribute [29]).
The Session-Timeout RADIUS attribute (Attribute[27]) specifies the time after which re-authentication
occurs.
The Termination-Action RADIUS attribute (Attribute [29]) specifies the action to take during
re-authentication. The actions are
Initialize
and
ReAuthenticate
. When the
Initialize
action is set (the
attribute value is
DEFAULT
), the 802.1x session ends, and connectivity is lost during re-authentication.
When the
ReAuthenticate
action is set (the attribute value is RADIUS-Request), the session is not affected
during re-authentication.
•
You manually re-authenticate the client by entering the
dot1x re-authenticate interface interface-id
privileged EXEC command.
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
1321
Information About 802.1x Port-Based Authentication
Summary of Contents for Catalyst 2960 Series
Page 96: ......
Page 196: ......
Page 250: ......
Page 292: ......
Page 488: ......
Page 589: ...P A R T VI Cisco Flexible NetFlow Configuring NetFlow Lite page 509 ...
Page 590: ......
Page 619: ...P A R T VII QoS Configuring QoS page 539 Configuring Auto QoS page 645 ...
Page 620: ......
Page 750: ......
Page 1604: ......
Page 1740: ......
Page 2105: ...P A R T XII Configuring Cisco IOS IP SLAs Configuring Cisco IP SLAs page 2025 ...
Page 2106: ......
Page 2118: ......
Page 2164: ......