530 802.1X Commands
dot1x port-control
Use the dot1x port-control command in Interface Configuration mode to enable the IEEE
802.1X operation on the port.
Syntax
dot1x port-control {force-authorized | force-unauthorized | auto | mac-based}
no dot1x port-control
•
auto
— Enables 802.1X authentication on the interface and causes the port to transition to
the authorized or unauthorized state based on the 802.1X authentication exchange between
the switch and the client.
•
force-authorized
— Disables 802.1X authentication on the interface and causes the port to
transition to the authorized state without any authentication exchange required. The port
sends and receives normal traffic without 802.1X-based authentication of the client.
•
force-unauthorized
—
Denies all access through this interface by forcing the port to
transition to the unauthorized state, ignoring all attempts by the client to authenticate. The
switch cannot provide authentication services to the client through the interface.
•
mac-based
— Enables 802.1X authentication on the interface and allows multiple hosts to
authenticate on a single port. The hosts are distinguished by their MAC addresses.
Default Configuration
The default configuration is auto.
Command Mode
Interface Configuration (Ethernet) mode
User Guidelines
It is recommended that you disable the spanning tree or enable spanning-tree PortFast mode on
802.1X edge ports (ports in auto state that are connected to end stations), in order to go
immediately to the forwarding state after successful authentication.
When configuring a port to use MAC-based authentication, the port must be in switchport
general mode.
Example
The following command enables MAC-based authentication on port 1/g2
console(config)# interface ethernet 1/g2
console(config-if-1/g2)# dot1x port-control mac-based
To Next Page
Loading...
