Configure EAP on a Port

Procedure

  1. Enter GigabitEthernet Interface Configuration mode:

    enable

    configure terminal

    interface GigabitEthernet {slot/port[/sub-port][-slot/port[/sub-port]][,...][slot/all][all]}

    Note

    Note

    If the platform supports channelization and the port is channelized, you must also specify the sub-port in the format slot/port/sub-port.

  2. Configure the maximum EAP requests sent to the supplicant before timing out the session:

    eapol [port {slot/port[/sub-port][-slot/port[/sub-port]][,...][slot/all][all]}] max-request <1-10>

  3. Configure the time interval between authentication failure and the start of a new authentication:

    eapol [port {slot/port[/sub-port][-slot/port[/sub-port]][,...][slot/all][all]}] quiet-interval <1-65535>

  4. Enable reauthentication:

    eapol [port {slot/port[/sub-port][-slot/port[/sub-port]][,...][slot/all][all]}] re-authentication enable

  5. Configure the time interval between successive authentications:

    eapol [port {slot/port[/sub-port][-slot/port[/sub-port]][,...][slot/all][all]}] re-authentication-period <0, 60-65535>

  6. Configure the EAP authentication status:

    eapol [port {slot/port[/sub-port][-slot/port[/sub-port]][,...][slot/all][all]}] status {authorized|auto}

Example

Configure the maximum EAP requests sent to the supplicant before timing out the session:

Switch:1>enable
Switch:1#configure terminal
Switch:1(config)#interface GigabitEthernet 1/2
Switch:1(config-if)#eapol max-request 10
Switch:1(config-if)#eapol port 1/2 quiet-interval 500

Variable Definitions

The following table defines parameters for the eapol port command.

Variable

Value

{slot/port[/sub-port][-slot/port[/sub-port]][,...][slot/all][all]}

Specifies the port or list of ports used by EAP.

Identifies the slot and port in one of the following formats:
  • a single slot and port (slot/port)

  • a range of slots and ports (slot/port-slot/port)

  • a series of slots and ports (slot/port,slot/port,slot/port)

  • all ports on the same slot (slot/all)

  • all ports on the switch (all)

If the platform supports channelization and the port is channelized, you must also specify the sub-port in the format slot/port/sub-port.

max-request <1-10>

Specifies the maximum EAP requests sent to the supplicant before timing out the session. The default is 2.

quiet-interval <1-65535>

Specifies the time interval in seconds between the authentication failure and start of a new authentication. The default is 60.

re-authentication enable

Enables reauthentication of an existing supplicant at a specified time interval.

re-authentication-period <0, 60-65535>

Specifies the time interval, in seconds, between successive authentication. Configure the value to 0 to prevent EAP or NEAP sessions from aging out.

Caution: Preventing re-authentication can introduce a security risk.

The default is 3600 (1 hour).

status {authorized|auto}

Specifies the desired EAP authentication status for this port.