authenticator
To configure authenticator parameters and to enter the authenticator configuration sub mode, use the authenticator command in dot1x profile configuration sub mode. To remove this configuration, use the no form of this command.
authenticator { eap profile profile-name | host-mode { multi-auth | multi-host | single-host } | server dead action { auth-fail | auth-retry } | timer { mab-retry-time retry-timer-value | reauth-time { reauth-timer-value | server } } }
Syntax Description
eap |
Enables local Extensible Authentication Protocol (EAP) server for MACSec. |
||
profile-name |
Specifies the EAP profile name, in WORD. |
||
host-mode |
Sets the host mode for authentication.
|
||
server dead action |
Sets the action to be taken when the remote AAA server is unreachable. You can set it as either to retry the authentication or to consider it as authentication failure. |
||
timer |
Sets various timers for authentication. |
||
mab-retry-time |
Sets the interval, in seconds, after which the router re-initiates an authentication attempt for the MAC authentication bypass (MAB) clients, in scenarios where previous authentication failed or if the RADIUS server was unreachable. Range is 60 to 300, default being 60. |
||
reauth-time |
Sets the interval, in seconds, after which the router automatically initiates re-authentication process with the RADIUS server. Range is 60 to 5184000 (2 months). |
||
server |
Sets the re-authentication interval on the router as per the value specified by the RADIUS server. Minimum expected value is 60 seconds, default being 1 hour. |
Command Default
None
Command Modes
Dot1x profile configuration mode
Command History
Release |
Modification |
---|---|
Release 24.3.1 |
This command was modified to include the mab-retry-time timer option as part of the MAB feature. |
Release 6.4.1 |
This command was introduced. |
Usage Guidelines
No specific guidelines impact the use of this command.
Task ID
Task ID |
Operations |
---|---|
config-services |
read, write |
Examples
This example shows how to set the authenticator mode as single-host :
Router# configure
Router(config)# dot1x profile test_profile
Router(config-dot1x-test_profile)# authenticator host-mode single-host
Router(config-dot1x-test_profile)# commit
This example shows how to set the authenticator retry timer for MAB clients:
Router#configure
Router(config)#dot1x profile test_mab
Router(dot1xx-test_mab)#authenticator timer mab-retry-time 60
Router(dot1xx-test_mab)#commit