Authentication Commands
4-99
4
Command Usage
• If you enable port security, the switch stops learning new MAC addresses on
the specified port when it has reached a configured maximum number. Only
incoming traffic with source addresses already stored in the dynamic or static
address table will be accepted.
• First use the port security max-mac-count command to set the number of
addresses, and then use the port security command to enable security on
the port.
•Use the no port security max-mac-count command to disable port security
and reset the maximum number of addresses to the default.
• You can also manually add secure addresses with the mac-address-table
static command.
• A secure port has the following restrictions:
- Cannot use port monitoring.
- Cannot be a multi-VLAN port.
- Cannot be connected to a network interconnection device.
- Cannot be a trunk port.
• If a port is disabled due to a security violation, it must be manually re-enabled
using the no shutdown command.
Example
The following example enables port security for port 5, and sets the response to a
security violation to issue a trap message:
Related Commands
shutdown (4-156)
mac-address-table static (4-174)
show mac-address-table (4-176)
802.1x Port Authentication
The switch supports IEEE 802.1x (dot1x) port-based access control that prevents
unauthorized access to the network by requiring users to first enter a user ID and
password for authentication. Client authentication is controlled centrally by a
RADIUS server EAP (Extensible Authentication Protocol).
Console(config)#interface ethernet 1/5
Console(config-if)#port security action trap
Table 4-36. 802.1x Port Authentication Commands
Command Function Mode Page
dot1x system-auth-control Enables or disables 802.1x globally GC 4-100
dot1x default Resets all dot1x parameters to their default values GC 4-101
dot1x max-req Sets the maximum number of times that the switch
retransmits an EAP request/identity packet to the client
before it times out the authentication session
IC 4-101
dot1x port-control Sets dot1x mode for a port interface IC 4-102
To Next Page
Loading...
