C
HAPTER
16
| IEEE 802.1X Commands
– 269 –
dot1x mode This command displays or sets the 802.1X mode for the switch.
SYNTAX
dot1x mode [enable | disable]
enable - Enables 802.1X globally for the switch.
disable - Disables 802.1X globally for the switch.
DEFAULT SETTING
Disabled
COMMAND USAGE
This command configures 802.1X and MAC-based authentication globally
on the switch. If globally disabled, all ports are allowed to forward frames.
EXAMPLE
Dot1x>mode enable
Dot1x>
dot1x state This command displays or sets the 802.1X security state (i.e.,
authentication mode) for specified ports
SYNTAX
dot1x state [port-list] [macbased | auto | authorized |
unauthorized]
port-list - A specific port or a range of ports. (Range: 1-28, or all)
macbased - Enables MAC-based authentication on the port. The
switch does not transmit or accept EAPOL frames on the port.
Flooded frames and broadcast traffic will be transmitted on the port,
whether or not clients are authenticated on the port, whereas
unicast traffic from an unsuccessfully authenticated client will be
dropped. Clients that are not (or not yet) successfully authenticated
will not be allowed to transmit frames of any kind.
auto - Requires a dot1x-aware client to be authorized by the
authentication server. Clients that are not dot1x-aware will be
denied access.
authorized - Forces the port to grant access to all clients, either
dot1x-aware or otherwise.
unauthorized - Forces the port to deny access to all clients, either
dot1x-aware or otherwise.
DEFAULT SETTING
Authorized
To Next Page
Loading...
