Configuring EAP on a port

Configure EAP on a specific port when you do not want to apply EAP to all of the switch ports.

Procedure

Enter GigabitEthernet Interface Configuration mode:

enable

configure terminal

interface GigabitEthernet {slot/port[/sub-port][-slot/port[/sub-port]][,...]}

Note

If the platform supports channelization and the port is channelized, you must also specify the sub-port in the format slot/port/sub-port.
Configure the maximum EAP requests sent to the supplicant before timing out the session:

eapol port {slot/port[/sub-port] [-slot/port[/sub-port]] [,...]} max-request <1-10>
Configure the time interval between authentication failure and the start of a new authentication:

eapol port {slot/port[/sub-port] [-slot/port[/sub-port]] [,...]} quiet-interval <1-65535>
Enable reauthentication:

eapol port {slot/port[/sub-port] [-slot/port[/sub-port]] [,...]} re-authentication enable
Configure the time interval between successive authentications:

eapol port {slot/port[/sub-port] [-slot/port[/sub-port]] [,...]} re-authentication-period <1-65535>
Note

The EAP re-authentication period value is between 1-65535. Early releases support up to 2147483647. To maintain backward compatibility the CLI value is between 1–2147483647. Trying to configure above 65535 results in an error.
Configure the EAP authentication status:

eapol port {slot/port[/sub-port] [-slot/port[/sub-port]] [,...]} status {authorized|auto}

Example

Configure the maximum EAP requests sent to the supplicant before timing out the session:

Switch:1>enable
Switch:1#configure terminal
Switch:1(config)#interface GigabitEthernet 1/2
Switch:1(config-if)#eapol max-request 10
Switch:1(config-if)#eapol port 1/2 quiet-interval 500

Variable Definitions

The following table defines parameters for the eapol port command.


Variable	Value
`{slot/port[/sub-port] [-slot/port[/sub-port]] [,...]}`	Specifies the port or list of ports used by EAP. Identifies the slot and port in one of the following formats: a single slot and port (slot/port), a range of slots and ports (slot/port-slot/port), or a series of slots and ports (slot/port,slot/port,slot/port). If the platform supports channelization and the port is channelized, you must also specify the sub-port in the format slot/port/sub-port.
max-request <1-10>	Specifies the maximum EAP requests sent to the supplicant before timing out the session. The default is 2.
quiet-interval <1-65535>	Specifies the time interval in seconds between the authentication failure and start of a new authentication. The default is 60.
re-authentication enable	Enables reauthentication of an existing supplicant at a specified time interval.
re-authentication-period <1-65535>	Specifies the time interval in seconds between successive reauthentications. The default is 3600 (1 hour). Note: The EAP re-authentication period value is between 1–65535. Early releases support up to 2147483647. To maintain backward compatibility the CLI value is between 1–2147483647. Trying to configure above 65535 results in an error.
status {authorized\|auto}	Specifies the desired EAP authentication status for this port.