82
Setting the port authorization state
The port authorization state determines whether the client is granted access to the network or not.
You can control the authorization state of a port by using the dot1x port-control command and the
following keywords:
• authorized-force—Places the port in the authorized state, enabling users on the port to access
the network without authentication.
• unauthorized-force—Places the port in the unauthorized state, denying any access requests
from users on the port.
• auto—Places the port initially in unauthorized state to allow only EAPOL packets to pass. After
a user passes authentication, sets the port in the authorized state to allow access to the
network. You can use this option in most scenarios.
To set the authorization state of a port:
1. Enter system view.
system-view
N/A
2. Enter Layer 2 Ethernet
interface view.
interface
interface-type
interface-number
N/A
3. Set the port authorization
state.
dot1x port-control
{
authorized-force
|
auto
|
}
By default, the
auto
state
applies.
Specifying an access control method
1. Enter system view.
N/A
2. Enter Layer 2 Ethernet
interface view.
interface
interface-type
interface-number
N/A
3. Specify an
method.
dot1x port-method
{
macbased
|
portbased
}
By default, MAC-
control applies.
Setting the maximum number of concurrent
802.1X users on a port
Perform this task to prevent the system resources from being overused.
To set the maximum number of concurrent 802.1X users on a port:
1. Enter system view.
system-view
N/A
2. Enter Layer 2 Ethernet
interface view.
interface
interface-type
interface-number
N/A
3. Set the maximum number of
concurrent 802.1X users on
a port.
dot1x
max-user
user-number
number of concurrent 802.1X
users on a port is 2048.
To Next Page
Loading...
Need help?
General