How do I enforce EAP-TLS re-authentication at regular intervals?

[Alan Buxey]

hi,

you can send a session-timeout from FreeRADIUS - but its up to the NAS
to accept and enforce that. you should also be able to configure your
switches in the 802.1X dot1x settings
(I believe this is now port based rather than global on all IOS switches

dot1x timeout reauth-period

but you need to run

dot1x reauthentication

to activate/enable that

more help here

>dot1x timeout ?


alan