C
HAPTER
24
| Authentication Commands
802.1X Port Authentication
– 850 –
other switches on to the authentication servers, thereby allowing the
authentication process to still be carried out by switches located on the
edge of the network.
â—† When this device is functioning as an edge switch but does not require
any attached clients to be authenticated, the no dot1x eapol-pass-
through command can be used to discard unnecessary EAPOL traffic.
EXAMPLE
This example instructs the switch to pass all EAPOL frame through to any
ports in STP forwarding state.
Console(config)#dot1x eapol-pass-through
Console(config)#
dot1x system-auth-
control
This command enables IEEE 802.1X port authentication globally on the
switch. Use the no form to restore the default.
SYNTAX
[no] dot1x system-auth-control
DEFAULT SETTING
Disabled
COMMAND MODE
Global Configuration
EXAMPLE
Console(config)#dot1x system-auth-control
Console(config)#
Authenticator Commands
dot1x intrusion-
action
This command sets the port’s response to a failed authentication, either to
block all traffic, or to assign all traffic for the port to a guest VLAN. Use the
no form to reset the default.
SYNTAX
dot1x intrusion-action {block-traffic | guest-vlan}
no dot1x intrusion-action
block-traffic - Blocks traffic on this port.
guest-vlan - Assigns the user to the Guest VLAN.
To Next Page
Loading...
Need help?
General
