46-10
Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX
OL-4266-08
Chapter 46 Configuring IEEE 802.1X Port-Based Authentication
Configuring 802.1X Port-Based Authentication
•
For
key
string
, specify the authentication and encryption key used between the router and the
RADIUS daemon running on the RADIUS server. The key is a text string that must match the
encryption key used on the RADIUS server.
•
When you specify the
key
string
, spaces within and at the end of the key are used. If you use spaces
in the key, do not enclose the key in quotation marks unless the quotation marks are part of the key.
This key must match the encryption used on the RADIUS daemon.
•
You can globally configure the timeout, retransmission, and encryption key values for all RADIUS
servers by using the
radius-server host
global configuration command. If you want to configure
these options on a per-server basis, use the
radius-server timeout
,
radius-server retransmit
, and
the
radius-server key
global configuration commands. For more information, refer to the
Cisco IOS
Security Configuration Guide
, Release 12.2, publication and the
Cisco IOS Security Command
Reference
, Release 12.2, publication at this URL:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_installation_and_configuratio
n_guides_list.html
Note
You also need to configure some settings on the RADIUS server. These settings include the IP address
of the router and the key string to be shared by both the server and the router. For more information, refer
to the RADIUS server documentation.
This example shows how to configure the RADIUS server parameters on the router:
Router#
configure terminal
Router(config)#
ip radius source-interface Vlan80
Router(config)#
radius-server host 172.l20.39.46
Router(config)#
radius-server key rad123
Router(config)#
end
Enabling Periodic Reauthentication
You can enable periodic 802.1X client reauthentication and specify how often it occurs. If you do not
specify a time period before enabling reauthentication, the number of seconds between reauthentication
attempts is 3600.
Automatic 802.1X client reauthentication is a global setting and cannot be set for clients connected to
individual ports. To manually reauthenticate the client connected to a specific port, see the
“Manually
Reauthenticating the Client Connected to a Port” section on page 46-11
.
To enable periodic reauthentication of the client and to configure the number of seconds between
reauthentication attempts, perform this task:
Command
Purpose
Step 1
Router(config)#
interface
type
1
slot/port
Selects an interface to configure.
Step 2
Router(config-if)#
dot1x reauthentication
Enables periodic reauthentication of the client, which is
disabled by default.
Router(config-if)#
no dot1x reauthentication
Disables periodic reauthentication of the client.