What's the use of reauthentication in 802.1X switch?

darkeyeonfnight
Level 1

I found a configuration option called reauthentication. Why do we use reauthentication after a successful authentication? What's the use of it? Is it a method to achieve some real-time authentication?


Sorry but you are wrong. This is the configuration from a Catalyst 3550 where I have this deployed:

    interface FastEthernet0/5
     description Laptop-802.1x
     switchport access vlan 10
     switchport mode access
     switchport port-security maximum 1 vlan access
     switchport port-security
     switchport port-security aging time 3
     switchport port-security violation restrict
     switchport port-security aging type inactivity
     mls qos monitor dscp 0 8 24 26 32 46 48 56
     no snmp trap link-status
     dot1x pae authenticator
     dot1x port-control auto
     dot1x violation-mode protect
     dot1x timeout server-timeout 5
     dot1x timeout reauth-period server
     dot1x timeout tx-period 20
     dot1x reauthentication
     wrr-queue bandwidth 5 25 70 1
     wrr-queue cos-map 1 1
     wrr-queue cos-map 2 0
     wrr-queue cos-map 3 2 3 4 6 7
     wrr-queue cos-map 4 5
     priority-queue out
     spanning-tree portfast
     service-policy input USER-DATA-POLICY
     ip dhcp snooping limit rate 100
    end

    cat-3550#sho dot1x interface fastEthernet 0/5 details
    Dot1x Info for FastEthernet0/5
    -----------------------------------
    PAE = AUTHENTICATOR
    PortControl = AUTO
    ControlDirection = Both
    HostMode = SINGLE_HOST
    Violation Mode = PROTECT
    ReAuthentication = Enabled
    QuietPeriod = 60
    ServerTimeout = 5
    SuppTimeout = 30
    ReAuthPeriod = (From Authentication Server)
    ReAuthMax = 2
    MaxReq = 2
    TxPeriod = 20
    RateLimitPeriod = 0

    Dot1x Authenticator Client List
    -------------------------------
    Domain = DATA
    Supplicant = 000d.9d91.2ee2
    Auth SM State = AUTHENTICATED
    Auth BEND SM State = IDLE
    Port Status = AUTHORIZED
    ReAuthPeriod = 3600
    ReAuthAction = Reauthenticate
    TimeToNextReauth = 3051
    Authentication Method = Dot1x
    Authorized By = Authentication Server
    Vlan Policy = N/A

    cat-3550#sho port-security interface fastEthernet 0/5
    Port Security : Enabled
    Port Status : Secure-up
    Violation Mode : Restrict
    Aging Time : 3 mins
    Aging Type : Inactivity
    SecureStatic Address Aging : Disabled
    Maximum MAC Addresses : 1
    Total MAC Addresses : 1
    Configured MAC Addresses : 0
    Sticky MAC Addresses : 0
    Last Source Address:Vlan : 000d.9d91.2ee2:10
    Security Violation Count : 0
    cat-3550#

I don't know what switch you are working on but 802.1x & Port-Security can be configured together:

http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.2_44_se/configuration/guide/sw8021x.html#wp1112738

Andy
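An added example, not part of the thread or any poster's code: a Python sketch that audits the two `show` outputs posted above, checking that periodic reauthentication is active and that the port-security address is the authenticated supplicant. The sample text is abridged from the post; the function names and the reading of TimeToNextReauth as a countdown from ReAuthPeriod are assumptions.

```python
# Abridged from the two show outputs posted in the reply above.
DOT1X = """\
PortControl = AUTO
ReAuthentication = Enabled
ReAuthPeriod = (From Authentication Server)
Dot1x Authenticator Client List
Supplicant = 000d.9d91.2ee2
Auth SM State = AUTHENTICATED
Port Status = AUTHORIZED
ReAuthPeriod = 3600
TimeToNextReauth = 3051
"""
PORTSEC = """\
Port Security : Enabled
Maximum MAC Addresses : 1
Last Source Address:Vlan : 000d.9d91.2ee2:10
"""

def parse(text, sep):
    """Split 'key<sep>value' lines into port-level and per-client dicts."""
    port, client = {}, {}
    cur = port
    for line in text.splitlines():
        if "Client List" in line:      # everything after this header is per-client
            cur = client
            continue
        key, found, val = line.partition(sep)
        if found:
            cur[key.strip()] = val.strip()
    return port, client

def audit(dot1x_text, portsec_text):
    port, client = parse(dot1x_text, " = ")
    psec, _ = parse(portsec_text, " : ")
    findings = []
    if port.get("ReAuthentication") != "Enabled":
        findings.append("reauthentication disabled: session is not periodically re-checked")
    if port.get("PortControl") != "AUTO":
        findings.append("port-control is not auto: no 802.1X exchange decides port state")
    # Assumption: TimeToNextReauth counts down from the client's ReAuthPeriod.
    period = int(client.get("ReAuthPeriod", 0))
    remaining = int(client.get("TimeToNextReauth", 0))
    if client and not 0 < remaining <= period:
        findings.append("reauth timer is not running for the client")
    last_mac = psec.get("Last Source Address:Vlan", "").rsplit(":", 1)[0]
    if client and last_mac != client.get("Supplicant"):
        findings.append("port-security MAC differs from the authenticated supplicant")
    return {"session_age": period - remaining, "findings": findings}

if __name__ == "__main__":
    print(audit(DOT1X, PORTSEC))
```
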

Noted. Thanks for sharing.