You can enable periodic 802.1X client re-authentication and specify how often it occurs. If you do not specify a time period before enabling re-authentication, the number of seconds between re-authentication attempts is 3600.
Automatic 802.1X client re-authentication is a global setting and cannot be set for clients connected to individual ports. To manually re-authenticate the client connected to a specific port, see the "Manually Re-Authenticating a Client Connected to a Port" section.
Beginning in privileged EXEC mode, follow these steps to enable periodic re-authentication of the client and to configure the number of seconds between re-authentication attempts:
To disable periodic re-authentication, use the no dot1x re-authentication global configuration command. To return to the default number of seconds between re-authentication attempts, use the no dot1x timeout re-authperiod global configuration command.
This example shows how to enable periodic re-authentication and set the number of seconds between re-authentication attempts to 4000:
Switch(config)# dot1x re-authentication
Switch(config)# dot1x timeout re-authperiod 4000
You can manually re-authenticate the client connected to a specific port at any time by entering the dot1x re-authenticate interface interface-id privileged EXEC command. If you want to enable or disable periodic re-authentication, see the "Enabling Periodic Re-Authentication" section.
This example shows how to manually re-authenticate the client connected to Fast Ethernet port 0/1:
Switch# dot1x re-authenticate interface fastethernet0/1
Starting reauthentication on FastEthernet0/1
When the switch cannot authenticate the client, the switch remains idle for a set period of time, and then tries again. The idle time is determined by the quiet-period value. A failed authentication of the client might occur because the client provided an invalid password. You can provide a faster response time to the user by entering a smaller number than the default.
Beginning in privileged EXEC mode, follow these steps to change the quiet period:
To return to the default quiet time, use the no dot1x timeout quiet-period global configuration command.
This example shows how to set the quiet time on the switch to 30 seconds:
Switch(config)# dot1x timeout quiet-period 30
The client responds to the EAP-request/identity frame from the switch with an EAP-response/identity frame. If the switch does not receive this response, it waits a set period of time (known as the retransmission time) and then resends the frame.
Note: You should change the default value of this command only to adjust for unusual circumstances such as unreliable links or specific behavioral problems with certain clients and authentication servers.
Beginning in privileged EXEC mode, follow these steps to change the amount of time that the switch waits for client notification:
To return to the default retransmission time, use the no dot1x timeout tx-period global configuration command.
This example shows how to set 60 as the number of seconds that the switch waits for a response to an EAP-request/identity frame from the client before resending the request:
Switch(config)# dot1x timeout tx-period 60
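An added example (not Cisco's code and not part of the original guide): a Python check that reads the global dot1x commands described above from a saved configuration and reports the effective timers, including the case where a re-authperiod is configured but re-authentication was never enabled. The function name, the max_reauth_period policy limit and the sample configuration are assumptions made for illustration; only the 3600-second default comes from the text above.

```python
import re

DEFAULT_REAUTH_PERIOD = 3600  # default stated in this guide, in seconds
TIMERS = ("re-authperiod", "quiet-period", "tx-period")

def audit_dot1x(config_text, max_reauth_period=3600):
    """Return (state, findings) for the global dot1x commands in a config.

    max_reauth_period is a hypothetical site-policy limit, not a switch value.
    A timer of None means the command is absent, so the switch default applies.
    """
    state = {"re-authentication": False, **{t: None for t in TIMERS}}
    for raw in config_text.splitlines():
        # Drop a pasted CLI prompt such as "Switch(config)# " and extra spaces.
        line = " ".join(re.sub(r"^\S+[#>]\s*", "", raw.strip()).split())
        negated = line.startswith("no ")
        if negated:
            line = line[3:]
        if line == "dot1x re-authentication":
            state["re-authentication"] = not negated
            continue
        m = re.fullmatch(r"dot1x timeout (\S+)(?: (\d+))?", line)
        if m and m.group(1) in TIMERS:
            # The "no" form returns the timer to its default.
            unset = negated or m.group(2) is None
            state[m.group(1)] = None if unset else int(m.group(2))
    findings = []
    period = state["re-authperiod"]
    if not state["re-authentication"]:
        findings.append("periodic re-authentication is not enabled")
        if period is not None:
            findings.append(f"re-authperiod {period} is configured but unused")
    else:
        state["re-authperiod"] = DEFAULT_REAUTH_PERIOD if period is None else period
        if state["re-authperiod"] > max_reauth_period:
            findings.append(f"re-authperiod {state['re-authperiod']}s exceeds "
                            f"policy limit of {max_reauth_period}s")
    return state, findings

# Constructed sample: timers set, but re-authentication never enabled.
SAMPLE = """\
dot1x timeout re-authperiod 4000
dot1x timeout quiet-period 30
dot1x timeout tx-period 60
"""

if __name__ == "__main__":
    for finding in audit_dot1x(SAMPLE)[1]:
        print("FINDING:", finding)
```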