MES3000 Ethernet switch series 177
console(config-if)#
Table 5.206 —Ethernet interface configuration mode commands
dot1x host-mode
{multi-host | single-host |
multi-sessions}
Allow the presence of single/multiple clients on the authorized IEEE
802.1X port.
- multi-host—multiple clients
- single-host—single client
- multi-sessions—multiple sessions
dot1x violation-mode
{restrict | protect |
shutdown }
Define the action that should be performed when the device with
MAC address that differs from the client's MAC address, attempts
to access the interface.
- restrict—packets with MAC address, that differs from the client's
MAC address, are forwarded; the source address learning is not
performed
- protect—packets with MAC address, that differs from the client's
MAC address, are dropped
- shutdown—port is disabled; packets with MAC address, that
differs from the client's MAC address, are dropped
The frequency of SNMP trap message generation equals to 1 second
when unauthorized packets arrive,.
The command is ignored in the multiple hosts mode.
no dot1x
single-host-violation
Restore the default value.
Allow unauthorized users of this interface to access the guest VLAN.
The device should have at least one guest VLAN
customized (dot1x guest-vlan command in VLAN interface
settings).
no dot1x guest-vlan enable
Deny unauthorized users of this interface to access the guest VLAN.
dot1x mac-authentication
{mac-only |
mac-and-802.1x}
Enable authentication based on the user MAC addresses.
- mac-only—enable authentication based on MAC addresses only,
IEEE 802.1х packets are ignored
- mac-and-802.1x—enable authentication based on IEEE 802.1х and
MAC addresses
- Guest VLAN should be enabled when authentication
based on МАС address is used.
- There should be no static MAC address bindings.
- Re-authentication function should be enabled.
no dot1x mac-
authentication
Disable authentication based on the user MAC addresses.
dot1x mac-authentication
format username {
lowercase | uppercase } [
separator { - | : | . } ] [
groupsize { 1 | 2 | 4 } ]
-/lowercase without
separator and group
dividing (a1b2c3d4e5e6)
Command sets format of the line with clients MAC address, which is
transmitted in User-Name attribute.
-lowercase, uppercase - define alphabetic symbols register
-separator - sets the separator between the groups of symbols
-groupsize - quantity of symbols in every group. Settings of
parameters separator and groupsize are not obligatory. (i.e. only
register can be set, if it is necessary), but if MAC address is needed
to be shown separately, both parameters should be set.
Example of configuration:
dot1x mac-authentication format username uppercase separator :
groupsize 4
Line format in attribute:
A1B2:C3D4:E5F6
no dot1x mac-
authentication format
username
Restore the default value
dot1x mac-authentication
format password
Line password_string is transmitted in RADIUS attribute - User-
Password. MAC address is transmitted in format which is set by
dot1x mac-authentication format username command by default in
To Next Page
