Software Configuration Guide—Release 12.2(25)SG
OL-7659-03
Chapter 29 Understanding and Configuring 802.1X Port-Based Authentication
How to Configure 802.1X
Refer to the following Cisco IOS security documentation for information on how to configure AAA
system accounting:
• http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/index.htm
• http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_r/index.htm
Configuring RADIUS-Provided Session Timeouts
You can configure the Catalyst 4500 series switch to use a RADIUS-provided reauthentication timeout.
To configure RADIUS-provided timeouts, perform this task:
          Command                                                              Purpose
Step 1    Switch# configure terminal                                           Enters global configuration mode.
Step 2    Switch(config)# interface interface-id                               Enters interface configuration mode.
Step 3    Switch(config-if)# dot1x timeout reauth-period {interface | server}  Sets the re-authentication period (seconds).
Step 4    Switch(config-if)# end                                               Returns to privileged EXEC mode.
Step 5    Switch# show dot1x interface                                         Verifies your entries.
Step 6    Switch# copy running-config startup-config                           (Optional) Saves your entries in the configuration file.

This example shows how to configure the switch to derive the re-authentication period from the server:
Switch# configure terminal
Switch(config)# interface fa3/1
Switch(config-if)# dot1x timeout reauth-period server
Switch(config-if)# end
Switch# show dot1x interface fa3/1

Enabling 802.1X Accounting
Note: If you plan to implement system-wide accounting, you should also configure 802.1X accounting.
Moreover, you need to inform the accounting server of the system reload event when the system is
reloaded. Doing this ensures that the accounting server knows that all outstanding 802.1X sessions on
this system are closed.
After you configure 802.1X authentication and switch-to-RADIUS server communication, perform this
task to enable 802.1X accounting:

          Command                                                                Purpose
Step 1    Switch# configure terminal                                             Enters global configuration mode.
Step 2    Switch(config)# aaa accounting dot1x default start-stop group radius   Enables 802.1X accounting, using the list of all RADIUS servers.
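
The following is an added example, not part of the Cisco guide: a small Python audit that reads a saved running-config and reports 802.1X ports that do not take their re-authentication period from the RADIUS server, and whether 802.1X accounting is enabled globally. It assumes that 802.1X ports are identified by "dot1x port-control auto"; the function names and the sample configuration are constructed for illustration.

```python
import re

ACCOUNTING = "aaa accounting dot1x default start-stop group radius"
REAUTH_SERVER = "dot1x timeout reauth-period server"
DOT1X_PORT = "dot1x port-control auto"  # assumption: marks a port as 802.1X-enabled

# Constructed sample running-config, not taken from a real device.
SAMPLE_CONFIG = """\
aaa accounting dot1x default start-stop group radius
!
interface FastEthernet3/1
 dot1x port-control auto
 dot1x timeout reauth-period server
!
interface FastEthernet3/2
 dot1x port-control auto
 dot1x timeout reauth-period 3600
!
interface FastEthernet3/3
 switchport mode access
!
"""

def parse_interfaces(config):
    """Map each interface name to the list of commands in its stanza."""
    stanzas, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(" ".join(line.split()))  # normalise whitespace
        else:
            current = None  # "!" or a global command ends the stanza
    return stanzas

def audit_dot1x(config):
    """Return findings for the two settings configured in this section."""
    findings = []
    global_cmds = {" ".join(l.split()) for l in config.splitlines() if not l.startswith(" ")}
    if ACCOUNTING not in global_cmds:
        findings.append("global: 802.1X accounting not enabled")
    for name, cmds in parse_interfaces(config).items():
        if DOT1X_PORT in cmds and REAUTH_SERVER not in cmds:
            findings.append(f"{name}: reauth period not derived from RADIUS server")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_dot1x(SAMPLE_CONFIG)))
```

Ports without 802.1X enabled, such as FastEthernet3/3 in the sample, are skipped rather than reported.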