802.1x Commands 493
Syntax
•
dot1x port-control
{
auto
|
force-authorized
|
force-unauthorized
}
•
no dot1x port-control
•
auto —
Enable 802.1X authentication on the interface and cause the port to transition to the
authorized or unauthorized state based on the 802.1X authentication exchange between the
switch and the client.
•
force-authorized —
Disable 802.1X authentication on the interface and cause the port to
transition to the authorized state without any authentication exchange required. The port resends
and receives normal traffic without 802.1X-based authentication of the client.
•
force-unauthorized —
Deny all access through this interface by forcing the port to transition to
the unauthorized state, ignoring all attempts by the client to authenticate. The switch cannot
provide authentication services to the client through the interface.
Default Configuration
force-authorized.
Command Mode
Interface Configuration (Ethernet) mode.
User Guidelines
• It is recommended to disable spanning tree or to enable spanning-tree PortFast mode on 802.1x edge
ports (ports in auto state that are connected to end stations), in order to get immediately to the
forwarding state after successful authentication.
Examples
The following example enables 802.1X authentication on the interface.
dot1x re-authentication
The dot1x re-authentication Interface Configuration mode command enables periodic re-
authentication of the client. Use the no form of this command to return to the default setting.
Syntax
• dot1x re-authentication
•
no dot1x re-authentication
This command has no arguments or keywords.
Console (config)# interface ethernet g8
Console (config-if)# dot1x port-control auto
5400_CLI.book Page 493 Wednesday, December 17, 2008 4:33 PM
To Next Page
Loading...
