Configuring IEEE 802.1x Port-Based Authentication
This figure shows the authentication process.
Figure 18: Authentication Flowchart
The switch re-authenticates a client when one of these situations occurs:
• Periodic re-authentication is enabled, and the re-authentication timer expires.
You can configure the re-authentication timer to use a switch-specific value or to be based on values
from the RADIUS server.
After 802.1x authentication using a RADIUS server is configured, the switch uses timers based on the
Session-Timeout RADIUS attribute (Attribute[27]) and the Termination-Action RADIUS attribute
(Attribute [29]).
The Session-Timeout RADIUS attribute (Attribute[27]) specifies the time after which re-authentication
occurs.
The Termination-Action RADIUS attribute (Attribute [29]) specifies the action to take during
re-authentication. The actions are Initialize and ReAuthenticate. When the Initialize action is set (the
attribute value is DEFAULT), the 802.1x session ends, and connectivity is lost during re-authentication.
When the ReAuthenticate action is set (the attribute value is RADIUS-Request), the session is not affected
during re-authentication.
• You manually re-authenticate the client by entering the dot1x re-authenticate interface interface-id
privileged EXEC command.
OL-29048-01
Catalyst 2960-X Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX
Port-Based Authentication Process
265