Configuring a supplicant switch port

Enable supplicant operation on a port before changing the supplicant configuration. Execute the supplicant command once without any other parameters, then execute it again with a supplicant parameter that you want to configure. If the intended authenticator port uses RADIUS authentication, then use the identity and secret options to configure the RADIUS-expected credentials on the supplicant port. If the intended authenticator port uses Local 802.1X authentication, then use the identity and secret options to configure the authenticator switch local username and password on the supplicant port.

Syntax:


aaa port-access supplicant [ethernet] <port-list>

To enable supplicant operation on the designated ports, execute this command without any other parameters. To configure supplicant operation, use the same command again with the following parameters. Use one instance of the command for each parameter you want to configure. The no form disables supplicant operation on the designated ports.


[identity <username>]

Sets the username and password to send in response to an authentication request. If the intended authenticator port is configured for RADIUS authentication, then <username> and <password> must be the username and password expected by the RADIUS server. If the intended authenticator port is configured for Local authentication, then <username> and <password> must be the username and password configured on the Authenticator switch. (Default: Null.)


[secret]

Enter secret: <password>

Repeat secret: <password>

Sets the secret password to be used by the port supplicant when an MD5 authentication request is received from an authenticator. The switch prompts you to enter the secret password after the command is invoked.


[auth-timeout <1-300>]

Sets the delay period that the port waits to receive a challenge from the authenticator. If the request times out, the port sends another request, up to the number of attempts specified by the max-start parameter. (Default: 30 seconds)


[max-start <1-10>]

Defines the maximum number of times the supplicant port requests authentication. See step 1 in "Configuring switch ports to operate as supplicants for 802.1X connections to other switches" for a description of how the port reacts to the authenticator response. (Default: 3)


[held-period <0-65535>]

Sets the time period that the supplicant port waits after an active 802.1X session fails before trying to reacquire the authenticator port. (Default: 60 seconds)


[start-period <1-300>]

Sets the delay between Start packet retransmissions. That is, after a supplicant sends a start packet, it waits during the start-period for a response. If no response comes during the start-period, the supplicant sends a new start packet. The max-start setting specifies how many start attempts are allowed in the session. (Default: 30 seconds)


[initialize]

On the specified ports, blocks inbound and outbound traffic and restarts the 802.1X authentication process. Affects only ports configured as 802.1X supplicants.


[clear-statistics]

Clears and restarts the 802.1X supplicant statistics counters.
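
The secret option above is used when the authenticator sends an MD5 authentication request. The following added example (not code from the switch or its vendor) shows both sides of that exchange using the EAP MD5-Challenge packet layout from RFC 3748, which goes beyond what this page describes; the function names, the sample request and the sample secret are constructed for illustration.

```python
import hashlib
import hmac
import struct

EAP_REQUEST, EAP_RESPONSE, EAP_TYPE_MD5 = 1, 2, 4

def parse_md5(packet: bytes, expected_code: int):
    """Return (identifier, value) from an EAP MD5-Challenge request or response."""
    if len(packet) < 6:
        raise ValueError("too short for an EAP MD5-Challenge packet")
    code, ident, length, eap_type, size = struct.unpack("!BBHBB", packet[:6])
    if code != expected_code or eap_type != EAP_TYPE_MD5:
        raise ValueError("unexpected EAP code or type")
    if size == 0 or 6 + size > length or length > len(packet):
        raise ValueError("inconsistent length fields")
    return ident, packet[6:6 + size]

def md5_value(ident: int, secret: bytes, challenge: bytes) -> bytes:
    # Response value = MD5(Identifier || secret || challenge), as in CHAP.
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def build_response(request: bytes, secret: bytes) -> bytes:
    """Supplicant side: answer the challenge with the configured secret."""
    ident, challenge = parse_md5(request, EAP_REQUEST)
    value = md5_value(ident, secret, challenge)
    body = struct.pack("!BB", EAP_TYPE_MD5, len(value)) + value
    return struct.pack("!BBH", EAP_RESPONSE, ident, 4 + len(body)) + body

def accepts(request: bytes, response: bytes, secret: bytes) -> bool:
    """Authenticator side: recompute the value and compare in constant time."""
    req_id, challenge = parse_md5(request, EAP_REQUEST)
    resp_id, value = parse_md5(response, EAP_RESPONSE)
    expected = md5_value(req_id, secret, challenge)
    return req_id == resp_id and hmac.compare_digest(value, expected)

# Constructed sample request: identifier 0x2A, 16-byte challenge, total length 22.
SAMPLE_CHALLENGE = bytes.fromhex("00112233445566778899aabbccddeeff")
SAMPLE_REQUEST = struct.pack("!BBHBB", EAP_REQUEST, 0x2A, 22, EAP_TYPE_MD5, 16) + SAMPLE_CHALLENGE
# Constructed value standing in for what is typed at the "Enter secret:" prompt.
SAMPLE_SECRET = b"constructed-secret"

if __name__ == "__main__":
    resp = build_response(SAMPLE_REQUEST, SAMPLE_SECRET)
    print(resp.hex())
    print(accepts(SAMPLE_REQUEST, resp, SAMPLE_SECRET))
```

The secret itself never appears in the response; only the digest does, which is why the value configured on the supplicant port must match what the RADIUS server or the authenticator switch holds for that identity.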