802.1X Commands
page 44-2 OmniSwitch 6250 CLI Reference Guide November 2009
802.1x
Configures 802.1X parameters on a particular slot/port. Typically used for port access control on a dedi-
cated 802.1X port.
802.1x slot/port [direction {both | in}] [port-control {force-authorized | force-unauthorized | auto}]
[quiet-period seconds] [tx-period seconds] [supp-timeout seconds] [server-timeout seconds] [max-req
max_req] [re-authperiod seconds] [reauthentication | no reauthentication]
Syntax Definitions
slot/port The slot and port number of the 802.1x port.
both Configures bidirectional control on the port.
in Configures control over incoming traffic only.
force-authorized Forces the port control to be authorized, which means that the port is
open without restrictions and behaves as any other non-802.1X port.
Devices do not need to authenticate to traffic through the port.
force-unauthorized Forces the port control to be unauthorized, which means the port cannot
accept any traffic.
auto Configures the switch to dynamically control the port control status
based on authentication exchanges between the 802.1X end station and
the switch. Initially the port is in an unauthorized state; it becomes
authorized if a device successfully completes an 802.1X authentication
exchange with the switch.
quiet-period seconds The time during which the port will not accept an 802.1X authentica-
tion attempt; the timer is activated after any authentication failure.
During the time period specified, the switch will ignore and discard all
Extensible Authentication Protocol over LAN (EAPOL) packets. The
range is 0 to 65535 seconds.
tx-period seconds The time before an EAP Request Identity will be re-transmitted. The
range is 1 to 65535 seconds.
supp-timeout seconds The number of seconds before the switch will time out an 802.1X user
who is attempting to authenticate. The value should be modified to be a
greater value if the authentication process will require additional steps
by the user (for example, entering a challenge).
server-timeout seconds The timeout for the authentication server for authentication attempts.
This value is always superseded by the value configured for the
RADIUS authentication server configured through the aaa radius-
server command.
max_req The maximum number of times the switch will retransmit a request for
authentication information (request identity, password, challenge, etc.)
to the 802.1X user before it times out the authentication session based
on the supp-timeout. The range is 1 to 10.
To Next Page
Loading...
