Configuring EAP on a port

Configure EAP on a specific port when you do not want to apply EAP to all of the switch ports.

Procedure

  1. Enter GigabitEthernet Interface Configuration mode:

    enable

    configure terminal

    interface GigabitEthernet {slot/port[/sub-port][-slot/port[/sub-port]][,...]}

    Note

    Note

    If the platform supports channelization and the port is channelized, you must also specify the sub-port in the format slot/port/sub-port.

  2. Configure the maximum EAP requests sent to the supplicant before timing out the session:

    eapol port {slot/port[/sub-port] [-slot/port[/sub-port]] [,...]} max-request <1-10>

  3. Configure the time interval between authentication failure and the start of a new authentication:

    eapol port {slot/port[/sub-port] [-slot/port[/sub-port]] [,...]} quiet-interval <1-65535>

  4. Enable reauthentication:

    eapol port {slot/port[/sub-port] [-slot/port[/sub-port]] [,...]} re-authentication enable

  5. Configure the time interval between successive authentications:
    eapol port {slot/port[/sub-port] [-slot/port[/sub-port]] [,...]} re-authentication-period <1-65535>
    Note

    Note

    The EAP re-authentication period value is between 1-65535. Early releases support up to 2147483647. To maintain backward compatibility the CLI value is between 1–2147483647. Trying to configure above 65535 results in an error.

  6. Configure the EAP authentication status:

    eapol port {slot/port[/sub-port] [-slot/port[/sub-port]] [,...]} status {authorized|auto}

Example

Configure the maximum EAP requests sent to the supplicant before timing out the session:

Switch:1>enable
Switch:1#configure terminal
Switch:1(config)#interface GigabitEthernet 1/2
Switch:1(config-if)#eapol max-request 10
Switch:1(config-if)#eapol port 1/2 quiet-interval 500

Variable Definitions

The following table defines parameters for the eapol port command.

Variable

Value

{slot/port[/sub-port] [-slot/port[/sub-port]] [,...]}

Specifies the port or list of ports used by EAP.

Identifies the slot and port in one of the following formats: a single slot and port (slot/port), a range of slots and ports (slot/port-slot/port), or a series of slots and ports (slot/port,slot/port,slot/port). If the platform supports channelization and the port is channelized, you must also specify the sub-port in the format slot/port/sub-port.

max-request <1-10>

Specifies the maximum EAP requests sent to the supplicant before timing out the session. The default is 2.

quiet-interval <1-65535>

Specifies the time interval in seconds between the authentication failure and start of a new authentication. The default is 60.

re-authentication enable

Enables reauthentication of an existing supplicant at a specified time interval.

re-authentication-period <1-65535>

Specifies the time interval in seconds between successive reauthentications. The default is 3600 (1 hour).

Note:

The EAP re-authentication period value is between 1–65535. Early releases support up to 2147483647. To maintain backward compatibility the CLI value is between 1–2147483647. Trying to configure above 65535 results in an error.

status {authorized|auto}

Specifies the desired EAP authentication status for this port.