C
HAPTER
24
| Authentication Commands
802.1X Port Authentication
– 635 –
EXAMPLE
This example instructs the switch to pass all EAPOL frame through to any
ports in STP forwarding state.
Console(config)#dot1x eapol-pass-through
Console(config)#
dot1x system-auth-
control
This command enables IEEE 802.1X port authentication globally on the
switch. Use the no form to restore the default.
SYNTAX
[no] dot1x system-auth-control
DEFAULT SETTING
Disabled
COMMAND MODE
Global Configuration
EXAMPLE
Console(config)#dot1x system-auth-control
Console(config)#
dot1x intrusion-
action
This command sets the port’s response to a failed authentication, either to
block all traffic, or to assign all traffic for the port to a guest VLAN. Use the
no form to reset the default.
SYNTAX
dot1x intrusion-action {block-traffic | guest-vlan}
no dot1x intrusion-action
block-traffic - Blocks traffic on this port.
guest-vlan - Assigns the user to the Guest VLAN.
DEFAULT
block-traffic
COMMAND MODE
Interface Configuration
COMMAND USAGE
For guest VLAN assignment to be successful, the VLAN must be configured
and set as active (see the vlan database command) and assigned as the
guest VLAN for the port (see the network-access guest-vlan command).
To Next Page
Loading...
Need help?
General