Configure EAP on a Port

Procedure

Enter GigabitEthernet Interface Configuration mode:

enable

configure terminal

interface GigabitEthernet {slot/port[/sub-port][-slot/port[/sub-port]][,...][slot/all][all]}

Note

If the platform supports channelization and the port is channelized, you must also specify the sub-port in the format slot/port/sub-port.
Configure the maximum EAP requests sent to the supplicant before timing out the session:

eapol [port {slot/port[/sub-port][-slot/port[/sub-port]][,...][slot/all][all]}] max-request <1-10>
Configure the time interval between authentication failure and the start of a new authentication:

eapol [port {slot/port[/sub-port][-slot/port[/sub-port]][,...][slot/all][all]}] quiet-interval <1-65535>
Enable reauthentication:

eapol [port {slot/port[/sub-port][-slot/port[/sub-port]][,...][slot/all][all]}] re-authentication enable
Configure the time interval between successive authentications:

eapol [port {slot/port[/sub-port][-slot/port[/sub-port]][,...][slot/all][all]}] re-authentication-period <0, 60-65535>
Configure the EAP authentication status:

eapol [port {slot/port[/sub-port][-slot/port[/sub-port]][,...][slot/all][all]}] status {authorized|auto}

Example

Configure the maximum EAP requests sent to the supplicant before timing out the session:

Switch:1>enable
Switch:1#configure terminal
Switch:1(config)#interface GigabitEthernet 1/2
Switch:1(config-if)#eapol max-request 10
Switch:1(config-if)#eapol port 1/2 quiet-interval 500

Variable Definitions

The following table defines parameters for the eapol port command.


Variable	Value
`{slot/port[/sub-port][-slot/port[/sub-port]][,...][slot/all][all]}`	Specifies the port or list of ports used by EAP. Identifies the slot and port in one of the following formats: a single slot and port (slot/port) a range of slots and ports (slot/port-slot/port) a series of slots and ports (slot/port,slot/port,slot/port) all ports on the same slot (slot/all) all ports on the switch (all) If the platform supports channelization and the port is channelized, you must also specify the sub-port in the format slot/port/sub-port.
max-request <1-10>	Specifies the maximum EAP requests sent to the supplicant before timing out the session. The default is 2.
quiet-interval <1-65535>	Specifies the time interval in seconds between the authentication failure and start of a new authentication. The default is 60.
re-authentication enable	Enables reauthentication of an existing supplicant at a specified time interval.
re-authentication-period <0, 60-65535>	Specifies the time interval, in seconds, between successive authentication. Configure the value to 0 to prevent EAP or NEAP sessions from aging out. Caution: Preventing re-authentication can introduce a security risk. The default is 3600 (1 hour).
status {authorized\|auto}	Specifies the desired EAP authentication status for this port.