2-102
Catalyst 3550 Multilayer Switch Command Reference
OL-8566-02
Chapter 2 Catalyst 3550 Switch Cisco IOS Commands
dot1x port-control
• Dynamic-access ports—If you try to enable IEEE 802.1x authentication on a dynamic-access
(VLAN Query Protocol [VQP]) port, an error message appears, and IEEE 802.1x authentication is
not enabled. If you try to change an IEEE 802.1x-enabled port to dynamic VLAN assignment, an
error message appears, and the VLAN configuration is not changed.
• EtherChannel port—Do not configure a port that is an active or a not-yet-active member of an
EtherChannel as an IEEE 802.1x port. If you try to enable IEEE 802.1x authentication on an
EtherChannel port, an error message appears, and IEEE 802.1x authentication is not enabled.
Note In software releases earlier than Cisco IOS Release 12.2(25)SE, if IEEE 802.1x
authentication is enabled on a not-yet active port of an EtherChannel, the port does not join
the EtherChannel.
• Switched Port Analyzer (SPAN) destination port—You can enable IEEE 802.1x authentication on
a port that is a SPAN destination port; however, IEEE 802.1x authentication is disabled until the
port is removed as a SPAN destination. You can enable IEEE 802.1x authentication on a SPAN
source port.
To disable IEEE 802.1x authentication globally on the switch, use the no dot1x system-auth-control
global configuration command. To disable IEEE 802.1x authentication on a specific interface, use the
no dot1x port-control interface configuration command.
Examples This example shows how to enable IEEE 802.1x authentication on an interface:
Switch(config)# interface fastethernet0/1
Switch(config-if)# dot1x port-control auto
You can verify your settings by entering the show dot1x [interface interface-id] privileged EXEC
command.
Related Commands Command Description
show dot1x [interface interface-id] Displays IEEE 802.1x status for the specified interface.
To Next Page
Loading...
