Setting the port authorization state, Specifying an access control method – H3C Technologies H3C S12500-X Series Switches User Manual
Page 84
72
NOTE:
If EAP relay mode is used, the user-name-format command configured in RADIUS scheme view does not
take effect. The access device sends the authentication data from the client to the server without any
modification.
40B
Setting the port authorization state
The port authorization state determines whether the client is granted access to the network. You can
control the authorization state of a port by using the dot1x port-control command and the following
keywords:
•
authorized-force—Places the port in the authorized state, enabling users on the port to access the
network without authentication.
•
unauthorized-force—Places the port in the unauthorized state, denying any access requests from
users on the port.
•
auto—Places the port initially in the unauthorized state to allow only EAPOL packets to pass. After
a user passes authentication, sets the port in the authorized state to allow access to the network. You
can use this option in most scenarios.
To set the authorization state of a port:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enter Ethernet interface
view.
interface interface-type
interface-number
N/A
3.
Set the port authorization
state.
dot1x port-control { authorized-force |
auto | unauthorized-force }
By default, auto applies.
41B
Specifying an access control method
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enter Ethernet interface view. interface interface-type
interface-number
N/A
3.
Specify an access control
method.
dot1x port-method { macbased |
portbased }
By default, MAC-based access
control applies.
42B
Setting the maximum number of concurrent 802.1X
users on a port
Perform this task to prevent the system resources from being overused.
To set the maximum number of concurrent 802.1X users on a port: