C
HAPTER
16
| IEEE 802.1X Commands
– 270 –
COMMAND USAGE
◆ The authentication mode can only be set to Authorized for ports
participating in the Spanning Tree algorithm (see page 259).
◆ When 802.1X authentication is enabled on a port, the MAC address
learning function for this interface is disabled, and the addresses
dynamically learned on this port are removed from the common
address table.
◆ Authenticated MAC addresses are stored as dynamic entries in the
switch's secure MAC address table. Configured static MAC addresses
are added to the secure address table when seen on a switch port (see
the mac add command on page 296). Static addresses are treated as
authenticated without sending a request to a RADIUS server.
◆ When port status changes to down, all MAC addresses are cleared from
the secure MAC address table. Static VLAN assignments are not
restored.
EXAMPLE
Dot1x>state 9 authorized
Dot1x>state 9
Port Admin State Port State Last Source Last ID
---- ------------ --------------------- ----------------- -------
9 Authorized Link Down - -
Dot1x>
dot1x authenticate This command restarts the client authentication process for specified ports.
SYNTAX
dot1x authenticate [port-list] [now]
port-list - A specific port or a range of ports. (Range: 1-28, or all)
now - Forces re-initialization of the port/clients, and therefore
immediately starts re-authentication. The port/clients are set to the
unauthorized state while re-authentication is ongoing.
DEFAULT SETTING
None
COMMAND USAGE
◆ For port-based authentication, the re-authentication process verifies
the connected client’s user ID and password on the RADIUS server.
During re-authentication, the client remains connected to the network
and the process is handled transparently by the dot1x client software.
Only if re-authentication fails is the port blocked.
◆ This command is only effective when 802.1X is globally enabled (using
the dot1x mode command described on page 269) and the port's
To Next Page
Loading...
