Chapter 8
| Authentication Commands
802.1X Port Authentication
– 261 –
dot1x port-control This command sets the dot1x mode on a port interface. Use the no form to restore
the default.
Syntax
dot1x port-control {auto | force-authorized | force-unauthorized}
no dot1x port-control
auto – Requires a dot1x-aware connected client to be authorized by the
RADIUS server. Clients that are not dot1x-aware will be denied access.
force-authorized – Configures the port to grant access to all clients, either
dot1x-aware or otherwise.
force-unauthorized – Configures the port to deny access to all clients,
either dot1x-aware or otherwise.
Default
force-authorized
Command Mode
Interface Configuration
Example
Console(config)#interface eth 1/2
Console(config-if)#dot1x port-control auto
Console(config-if)#
dot1x
re-authentication
This command enables periodic re-authentication for a specified port. Use the no
form to disable re-authentication.
Syntax
[no] dot1x re-authentication
Command Mode
Interface Configuration
Command Usage
◆ The re-authentication process verifies the connected client’s user ID and
password on the RADIUS server. During re-authentication, the client remains
connected the network and the process is handled transparently by the dot1x
client software. Only if re-authentication fails is the port blocked.
◆ The connected client is re-authenticated after the interval specified by the
dot1x timeout re-authperiod command. The default is 3600 seconds.
To Next Page
Loading...
