Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX
Chapter 46 Configuring IEEE 802.1X Port-Based Authentication
Configuring 802.1X Port-Based Authentication
Trunk port—If you try to enable 802.1X on a trunk port, an error message appears, and 802.1X
is not enabled. If you try to change the mode of an 802.1X-enabled port to trunk, the port mode
is not changed.
EtherChannel port—Before enabling 802.1X on the port, you must first remove it from the
EtherChannel port-channel interface. If you try to enable 802.1X on an EtherChannel
port-channel interface or on an individual active port in an EtherChannel, an error message
appears, and 802.1X is not enabled. If you enable 802.1X on a not-yet active individual port of
an EtherChannel, the port does not join the EtherChannel.
Secure port—You cannot configure a secure port as an 802.1X port. If you try to enable 802.1X
on a secure port, an error message appears, and 802.1X is not enabled. If you try to change an
802.1X-enabled port to a secure port, an error message appears, and the security settings are not
Switch Port Analyzer (SPAN) destination port—You can enable 802.1X on a port that is a SPAN
destination port; however, 802.1X is disabled until the port is removed as a SPAN destination
port. You can enable 802.1X on a SPAN source port.
The 802.1X protocol is not supported on ports configured with voice VLAN.
Configuring 802.1X Port-Based Authentication
These sections describe how to configure 802.1X port-based authentication:
Enabling 802.1X Port-Based Authentication, page 46-7
Configuring Router-to-RADIUS-Server Communication, page 46-9
Enabling Periodic Reauthentication, page 46-10
Manually Reauthenticating the Client Connected to a Port, page 46-11
Initializing Authentication for the Client Connected to a Port, page 46-11
Changing the Quiet Period, page 46-12
Changing the Router-to-Client Retransmission Time, page 46-12
Setting the Router-to-Client Frame Retransmission Number, page 46-14
Enabling Multiple Hosts, page 46-15
Resetting the 802.1X Configuration to the Default Values, page 46-15
Enabling 802.1X Port-Based Authentication
To enable 802.1X port-based authentication, you must enable AAA and specify the authentication
method list. A method list describes the sequence and authentication methods to be queried to
authenticate a user.
The software uses the first method listed to authenticate users; if that method fails to respond, the
software selects the next authentication method in the method list. This process continues until there is
successful communication with a listed authentication method or until all defined methods are
exhausted. If authentication fails at any point in this cycle, the authentication process stops, and no other
authentication methods are attempted.
To configure 802.1X port-based authentication, perform this task: