1x port authentication, Table 4-32 – Accton Technology ES3526XA User Manual


Authentication Commands


Command Usage

• If you enable port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number. Only incoming traffic with source addresses already stored in the dynamic or static address table will be accepted.

• First use the port security max-mac-count command to set the number of addresses, and then use the port security command to enable security on the port.

• Use the no port security max-mac-count command to disable port security and reset the maximum number of addresses to the default.

• You can also manually add secure addresses with the mac-address-table static command.

• A secure port has the following restrictions:
  - Cannot use port monitoring.
  - Cannot be a multi-VLAN port.
  - Cannot be connected to a network interconnection device.
  - Cannot be a trunk port.

• If a port is disabled due to a security violation, it must be manually re-enabled using the no shutdown command.
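
The learning and violation behaviour described in the usage notes above can be modelled in a few lines. This is an added example, not code from the manual or the switch firmware: the class and method names are hypothetical, the "shutdown" action is inferred from the note about a port being disabled, and the model assumes static entries do not count toward the maximum.

```python
from dataclasses import dataclass, field

@dataclass
class SecurePort:
    """Illustrative model of one secure port (hypothetical names)."""
    max_mac_count: int
    action: str = "trap"   # "trap" is on the page; "shutdown" is inferred
    static: set = field(default_factory=set)    # mac-address-table static
    dynamic: set = field(default_factory=set)   # learned addresses
    enabled: bool = True
    traps: list = field(default_factory=list)   # trap messages issued

    def receive(self, src_mac: str) -> str:
        """Classify one incoming frame by its source MAC address."""
        if not self.enabled:
            return "port-down"
        mac = src_mac.lower()
        if mac in self.static or mac in self.dynamic:
            return "accepted"
        # Assumption: only dynamically learned entries count toward the limit.
        if len(self.dynamic) < self.max_mac_count:
            self.dynamic.add(mac)
            return "learned"
        # Limit reached: learning has stopped, unknown sources are dropped.
        if self.action == "trap":
            self.traps.append(mac)
        elif self.action == "shutdown":
            self.enabled = False
        return "violation"

    def no_shutdown(self) -> None:
        """Manual re-enable after a violation disabled the port."""
        self.enabled = True


# Constructed sample traffic (source MACs in arrival order).
FRAMES = ["00-11-22-33-44-01", "00-11-22-33-44-02", "00-11-22-33-44-01",
          "00-00-00-00-00-AA", "00-11-22-33-44-03", "00-11-22-33-44-02"]

def replay(port: SecurePort, frames=FRAMES) -> list:
    return [port.receive(m) for m in frames]

if __name__ == "__main__":
    port = SecurePort(max_mac_count=2, static={"00-00-00-00-00-aa"})
    print(replay(port), port.traps)
```

With the "shutdown" action the same traffic leaves the port down after the fifth frame, and a previously learned address is only accepted again once no_shutdown() has been called.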

Example
The following example enables port security for port 5, and sets the response to a
security violation to issue a trap message:

Console(config)#interface ethernet 1/5
Console(config-if)#port security action trap

Related Commands

shutdown (4-136)
mac-address-table static (4-157)
show mac-address-table (4-158)

802.1X Port Authentication

The switch supports IEEE 802.1X (dot1x) port-based access control that prevents
unauthorized access to the network by requiring users to first submit credentials for
authentication. Client authentication is controlled centrally by a RADIUS server
using EAP (Extensible Authentication Protocol).

Table 4-32 802.1X Port Authentication

| Command | Function | Mode | Page |
|---|---|---|---|
| dot1x system-auth-control | Enables dot1x globally on the switch. | GC | 4-86 |
| dot1x default | Resets all dot1x parameters to their default values | GC | 4-86 |
| dot1x max-req | Sets the maximum number of times that the switch retransmits an EAP request/identity packet to the client before it times out the authentication session | IC | 4-87 |
| dot1x port-control | Sets dot1x mode for a port interface | IC | 4-87 |
