MES53xx, MES33xx, MES23xx Ethernet Switch Series 158
dot1x violation-mode
{restrict | protect |
shutdown} [trap freq]
-/protect
freq: (1..1000000)/1
seconds
Specify the action to be performed when the device whose
MAC address differs from the client's MAC address attempts
to access the interface.
- restrict - packets whose MAC address differs from the client's
MAC address are forwarded; the source address is not
learned;
-protect - packets whose MAC address differs from the client's
MAC address are dropped;
- shutdown - port is turned down; packets whose MAC
address differs from the client's MAC address are dropped;
- freq - the SNMP trap messages generation frequency when
receiving unauthorized packets.
The command is ignored in the multiple hosts mode.
no dot1x
Allow unauthorized users of this interface to access the guest
VLAN.
The device should have at least one configured guest
VLAN (dot1x guest-vlan command in the VLAN
interface settings).
no dot1x guest-vlan enable
Deny unauthorized users of this interface access the guest
VLAN.
dot1x authentication
[mac | 802.1x | web]
Enable authentication
- mac - enable authentication based on MAC addresses;
- 802.1x – enable 802.1x based authentication;
- web - enable Web-based authentication
- Guest VLAN must be enabled when authentication
based on MAC address is used.
- There must be no static MAC address bindings.
- Re-authentication function must be enabled.
Disable authentication based on user MAC addresses.
Set the maximum number of hosts to be authenticated.
Return the default value.
dot1x max-login-attempts
num
Set the number of incorrect logins that may be entered before
the client is blocked.
0 - no limit
no dot1x
Return the default value.
VLAN configuration mode commands
Command line prompt in the VLAN interface configuration mode is as follows:
console(config-if)#
Table 5.172. VLAN interface configuration mode commands
Unauthorized user access
is denied by default.
Allow access to the current VLAN for unauthorized users.
Deny access to the current VLAN for unauthorized users.
VLAN is not configured as a
guest VLAN
Specify the guest VLAN.
Allow unauthorized users of this interface to access the guest
VLAN. If the guest VLAN is specified and allowed, the port will
automatically join the guest VLAN when it is unauthorized and
leave the guest VLAN when it passes authorization. To use
these functions, the port must not be a static member of the
guest VLAN.
To Next Page
Loading...
Need help?
General
