Configuring EAP on a port

Configure EAP on a specific port when you do not want to apply EAP to all of the switch ports.

Procedure

  1. Enter GigabitEthernet Interface Configuration mode:

    enable

    configure terminal

    interface GigabitEthernet {slot/port[/sub-port][-slot/port[/sub-port]][,...]}

    Note

    Note

    If the platform supports channelization and the port is channelized, you must also specify the sub-port in the format slot/port/sub-port.

  2. Configure the maximum EAP requests sent to the supplicant before timing out the session:

    eapol port {slot/port[/sub-port] [-slot/port[/sub-port]] [,...]} max-request <1-10>

  3. Configure the time interval between authentication failure and the start of a new authentication:

    eapol port {slot/port[/sub-port] [-slot/port[/sub-port]] [,...]} quiet-interval <1-65535>

  4. Enable reauthentication:

    eapol port {slot/port[/sub-port] [-slot/port[/sub-port]] [,...]} re-authentication enable

  5. Configure the time interval between successive authentications:

    eapol port {slot/port[/sub-port] [-slot/port[/sub-port]] [,...]} re-authentication-period <1-65535>

  6. Configure the EAP authentication status:

    eapol port {slot/port[/sub-port] [-slot/port[/sub-port]] [,...]} status {authorized|auto}

Example

Configure the maximum EAP requests sent to the supplicant before timing out the session:

Switch:1>enable
Switch:1#configure terminal
Switch:1(config)#interface GigabitEthernet 1/2
Switch:1(config-if)#eapol max-request 10
Switch:1(config-if)#eapol port 1/2 quiet-interval 500

Variable Definitions

The following table defines parameters for the eapol port command.

Variable

Value

{slot/port[/sub-port] [-slot/port[/sub-port]] [,...]}

Specifies the port or list of ports used by EAP.

Identifies the slot and port in one of the following formats: a single slot and port (slot/port), a range of slots and ports (slot/port-slot/port), or a series of slots and ports (slot/port,slot/port,slot/port). If the platform supports channelization and the port is channelized, you must also specify the sub-port in the format slot/port/sub-port.

max-request <1-10>

Specifies the maximum EAP requests sent to the supplicant before timing out the session. The default is 2.

quiet-interval <1-65535>

Specifies the time interval in seconds between the authentication failure and start of a new authentication. The default is 60.

re-authentication enable

Enables reauthentication of an existing supplicant at a specified time interval.

re-authentication-period <60-65535>

Specifies the time interval in seconds between successive reauthentications. The default is 3600 (1 hour).

status {authorized|auto}

Specifies the desired EAP authentication status for this port.