2-88
Catalyst 3750 Metro Switch Command Reference
OL-9645-10
Chapter 2 Catalyst 3750 Metro Switch Cisco IOS Commands
dot1x port-control
dot1x port-control
Use the dot1x port-control interface configuration command to enable manual control of the
authorization state of the port. Use the no form of this command to return to the default setting.
dot1x port-control {auto | force-authorized | force-unauthorized}
no dot1x port-control
Syntax Description
Defaults The default is force-authorized.
Command Modes Interface configuration
Command History
Usage Guidelines You must globally enable 802.1x on the switch by using the dot1x system-auth-control global
configuration command before enabling 802.1x on a specific port.
The 802.1x protocol is supported on Layer 2 static-access ports, voice VLAN ports, and Layer 3 routed
ports.
You can use the auto keyword only if the port is not configured as one of these:
• Trunk port—If you try to enable 802.1x on a trunk port, an error message appears, and 802.1x is not
enabled. If you try to change the mode of an 802.1x-enabled port to trunk, an error message appears,
and the port mode is not changed.
• Dynamic ports—A port in dynamic mode can negotiate with its neighbor to become a trunk port. If
you try to enable 802.1x on a dynamic port, an error message appears, and 802.1x is not enabled. If
you try to change the mode of an 802.1x-enabled port to dynamic, an error message appears, and the
port mode is not changed.
• Dynamic-access ports—If you try to enable 802.1x on a dynamic-access (VLAN Query Protocol
[VQP]) port, an error message appears, and 802.1x is not enabled. If you try to change an
802.1x-enabled port to dynamic VLAN assignment, an error message appears, and the VLAN
configuration is not changed.
auto Enable 802.1x authentication on the port and cause the port to transition to the
authorized or unauthorized state based on the 802.1x authentication exchange
between the switch and the client.
force-authorized Disable 802.1x authentication on the port and cause the port to transition to the
authorized state without any authentication exchange required. The port sends
and receives normal traffic without 802.1x-based authentication of the client.
force-unauthorized Deny all access through this port by forcing the port to transition to the
unauthorized state, ignoring all attempts by the client to authenticate. The
switch cannot provide authentication services to the client through the port.
Release Modification
12.1(14)AX This command was introduced.
To Next Page
Loading...
