Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

WiSM and re-authentication

Hi there,

I'm trying to force WLAN clients to reauthenticate after a certain time by sending RADIUS attributes (session-timeout/termination-action) to a WiSM module after successful 802.1x authentication.

This does not work. But configuring a reauthentication locally on WiSM works. But as I have multiple WiSM modules I'd like to configure that centrally at the RADIUS server.

Does WiSM support that? Which RADIUS attributes do I need to send.

Thanks!

1 REPLY
Bronze

Re: WiSM and re-authentication

The 802.1X protocol is supported on Layer 2 static-access ports, but it is not supported on these port types:

Trunk port?If you try to enable 802.1X on a trunk port, an error message appears, and 802.1X is not enabled. If you try to change the mode of an 802.1X-enabled port to trunk, the port mode is not changed.

Dynamic ports?A port in dynamic mode can negotiate with its neighbor to become a trunk port. If you try to enable 802.1X on a dynamic port, an error message appears, and 802.1X is not enabled. If you try to change the mode of an 802.1X-enabled port to dynamic, the port mode is not changed.

Dynamic-access ports?If you try to enable 802.1X on a dynamic-access (VLAN Query Protocol [VQP]) port, an error message appears, and 802.1X is not enabled. If you try to change an 802.1X-enabled port to dynamic VLAN assignment, an error message appears, and the VLAN configuration is not changed.

EtherChannel port?Before enabling 802.1X on the port, you must first remove the port from the EtherChannel before enabling 802.1X on it. If you try to enable 802.1X on an EtherChannel or on an active port in an EtherChannel, an error message appears, and 802.1X is not enabled. If you enable 802.1X on a not-yet active port of an EtherChannel, the port does not join the EtherChannel.

Secure port?You cannot configure a secure port as an 802.1X port. If you try to enable 802.1X on a secure port, an error message appears, and 802.1X is not enabled. If you try to change an 802.1X-enabled port to a secure port, an error message appears, and the security settings are not changed.

Switch Port Analyzer (SPAN) destination port?You can enable 802.1X on a port that is a SPAN destination port; however, 802.1X is disabled until the port is removed as a SPAN destination. You can enable 802.1X on a SPAN source port.

138
Views
0
Helpful
1
Replies
CreatePlease login to create content