MES53xx, MES33xx, MES23xx Ethernet Switch Series 157
The number of EAPOL packets with an incorrect length received by the current
authenticator.
EAPOL version received in the last packet.
Source MAC address received in the last packet.
11.1.2.2 Advanced authentication
With advanced dot1x settings, you can authenticate multiple clients connected to the port. There
are two authentication options: the first option is when the port-based authentication requires that a
single client be authenticated so that all clients will have access to the system (multiple hosts mode), and
the second option is when all clients connected to the port must be authenticated (multiple sessions
mode). If the port fails authentication in the multiple hosts mode, the access to network resources will be
denied for every connected hosts. Advanced settings also include administration of guest VLANs that can
be accessed by the users that are not authenticated.
The access port cannot be a member of an unauthenticated VLAN. The native VLAN of a
trunk port cannot be unauthenticated. However, for the port in General mode, the PVID
VLAN may be not authenticated (in this case only tagged packets can be received in an
unauthorized state).
Global configuration mode commands
Command line prompt in the global configuration mode is as follows:
console(config)#
Table 5.170. Global configuration mode commands
dot1x guest-vlan timeout
timeout
Specify the timeout between 802.1x authentication mode
activation (or port activation) and adding the port to a guest
VLAN.
no dot1x guest-vlan
timeout
dot1x traps authentication
success
Enable ‘trap’ message transmission when the client
successfully passes MAC address authentication based on
802.1x standard.
no dot1x traps
authentication success
dot1x traps authentication
failure
Enable ‘trap’ message transmission when the client fails MAC
address authentication based on 802.1x standard.
no dot1x traps
authentication failure
Ethernet interface configuration mode commands
Command line prompt in the Ethernet interface configuration mode is as follows:
console(config-if)#
Table 5.171. Ethernet interface configuration mode commands
dot1x host-mode
-host |
multi-sessions}
Allow one or multiple clients to be present on an authorized
802.1X port.
- multi-host - multiple clients;
- single-host - single host;
- multi-sessions – multiple sessions.
To Next Page
Loading...
Need help?
General
