Configuration Guide 802.1x Configuration
Configuring Port-based Single-user Authentication
By default, 802.1x controls on the basis of user MAC. Only the authenticated users can use the network, while other users
connected to the same port is not able to use the network. In the port-based control mode, the port is authenticated when
there is an authenticated user on the port. All the users connected to the authenticated port are able to use the network
normally.
However, in the port-based control mode, the port-based single-user authentication controls only one authenticated user.
The port is authenticated when it allows only one authenticated user who is enable to use the network normally. Then, if
you find other users on the port, you should clear all the users on the port and reauthenticate.
From the privileged EXEC mode, follow the steps below to configure port-based single-user control mode on the port.
Ruijie(config)#interface interface-id
Enter interface configuration mode.
Ruijie(config-if-type ID)#dot1x port-control auto
Ruijie(config-if-type ID)#dot1x
port-control-mode port-based single-host
Port-based single-user control mode.
Ruijie#show dot1x port-control
Show 802.1x configuration.
You can run no dot1x port-control-mode to restore the settings to the default control mode.
Following example shows how to configure the authentication mode of a port.
Ruijie(config)#interface interface-idRuijie(config)#interface interface-id
Ruijie(config-if)#dot1x port-control-mode port-base single-host
In the port-based authentication mode, every port only can receive one authentication user.
Single-host is port-based single-user 802.1x access control. Use show dot1x port-control to display
port-based and use show running-config to display dot1x port-control-mode port-based single-host.
Since single-host only supports the single-user form, setting default-user-limit on the port manually does
not take effect in single-host mode. If you set default-user-limit on the port after setting single-host, only
one user can be permitted to use the network still.
In the port-based authentication mode, you can permit or deny dynamic users to migrate among multiple authentication
ports, which is permitted by default. If you want to deny the migration of dynamic users, follow the steps below from the
privileged EXEC mode.
Ruijie(config)dot1x stationarity enable
Prohibits migration between ports.
To Next Page
Loading...
