178 MES1000, MES2000 Ethernet Switches
Ethernet interface configuration mode commands
Command line request in Ethernet interface configuration mode appears as follows:
console(config-if)#
Table 5.205 —Ethernet interface configuration mode commands
dot1x host-mode
{multi-host | single-host |
multi-sessions}
Allow the presence of single/multiple clients on the authorized
802.1X port.
- multi-host—multiple clients
- single-host—single client
- multi-sessions—multiple sessions
dot1x violation-mode
{restrict | protect |
shutdown }
Define the action that should be performed when the device
with MAC address, that differs from the client's MAC address,
attempts to access the interface.
- restrict—packets with MAC address, that differs from the
client's MAC address, are forwarded; the source address
learning is not performed
- protect—packets with MAC address, that differs from the
client's MAC address, are dropped
- shutdown—port is disabled; packets with MAC address, that
differs from the client's MAC address, are dropped
SNMP trap message generation frequency, when unauthorized
packets arrive, equals to 1 second.
The command is ignored in the multiple hosts mode.
no dot1x
single-host-violation
Restore the default value.
Allow unauthorized users of this interface to access the guest
VLAN.
The device should have at least one guest VLAN
authorized (dot1x guest-vlan command in VLAN
interface settings).
no dot1x guest-vlan enable
Deny unauthorized users of this interface to access the guest
VLAN.
dot1x mac-authentication
{mac-only |
mac-and-802.1x}
Enable authentication based on the user MAC addresses.
- mac-only—enable authentication based on MAC addresses
only, 802.1х packets are ignored
- mac-and-802.1x—enable authentication based on 802.1х
and MAC addresses
- Guest VLAN should be enabled, when
authentication based on МАС address is used.
- There should be no static MAC address bindings.
- Re-authentication function should be enabled.
no dot1x mac-
authentication
Disable authentication based on the user MAC addresses.
dot1x radius-attributes
filter-id
Enable authentication based on ACL/assign QoS-Policy.
no dot1x radius-attributes
filter-id
Restore the default value.
dot1x radius-attributes
vlan
Enables Tunnel-Private-Group-ID (81) option processing in
RADIUS server messages.
no dot1x radius-attributes
vlan
Disables Tunnel-Private-Group-ID (81) option processing in
RADIUS server messages.
VLAN configuration mode commands
Command line request in VLAN interface configuration mode appears as follows:
console(config-if)#
To Next Page
Loading...
Need help?
General
