1 commands, Ommands – GE MULTILINK ML1200 User Manual

7–4

MULTILINK ML1200 MANAGED FIELD SWITCH – INSTRUCTION MANUAL

ACCESS USING RADIUS

CHAPTER 7: ACCESS USING RADIUS

7.2

Configuring 802.1x through the Command Line Interface

7.2.1

Commands

On enabling 802.1x ports, make sure the port which connects to the RADIUS servers needs
to be manually authenticated. To authenticate the port, use the

setport

command. The

CLI commands to configure and perform authentication with a RADIUS server are
described below.

The

auth

command enters the configuration mode to configure the 802.1x parameters.

auth

The

show auth

command displays the 802.1x configuration or port status.

show auth <config|ports>

The

authserver

command define the RADIUS server. Use the UDP socket number if the

RADIUS authentication is on a port other than 1812.

authserver [ip=<ip-addr>] [udp=<num>] [secret=<string>]

The

auth enable

and

auth disable

commands enable or disable the 802.1x

authenticator function on the MultiLink ML1200 Managed Field Switch.

auth <enable|disable>

The

setport

command configures the port characteristics for an 802.1x network.

setport port=<num|list|range> [status=<enable|disable>]
[control=<auto|forceauth|forceunauth>] [initialize=<assert|deassert>]

The

backend port

command configure the parameters for EAP over RADIUS.

backend port=<num|list|range>
[supptimeout=<1-240>]
[servertimeout=<1-240] [maxreq=<1-10>]

The

port

argument is mandatory and represents the port(s) to be configured. The

supptimeout

argument is optional and represents the timeout in seconds the

authenticator waits for the supplicant to respond back. The default value is 30 seconds
and values can range from 1 to 240 seconds. The

servertimeout

argument is optional

and represents the timeout in seconds the authenticator waits for the back-end RADIUS
server to respond. The default value is 30 seconds and can range from 1 to 240 seconds.
The

maxreq

argument is optional and represents the maximum number of times the

authenticator will retransmit an EAP request packet to the Supplicant before it times out
the authentication session. Its default value is 2 and can be set to any integer value from 1
to 10.

The

portaccess

command sets port access parameters for authenticating PCs or

supplicants.

portaccess port=<num|list|range>
[quiet=<0-65535>] [maxreauth=<0-10>] [transmit=<1-65535>]

The

port

argument is mandatory and identifies the ports to be configured. The

quiet

argument is optional and represents the quiet period – the amount of time, in seconds, the
supplicant is held after an authentication failure before the authenticator retries the
supplicant for connection. The default value is 60 seconds and values can range from 0 to
65535 seconds. The

maxreauth

argument is optional and represents the number of re-

authentication attempts permitted before the port is unauthorized. The default value is 2