3Com WXR100 3CRWXR10095A User Manual

set port type wired-auth

149

Usage — You cannot set a port’s type if the port is a member of a port
VLAN. To remove a port from a VLAN, use the clear vlan command. To
reset a port as a network port, use the clear port type command.

When you change port type, MSS applies default settings appropriate for
the port type. Table 19 lists the default settings that MSS applies when
you set a port’s type to ap.

For 802.1X clients, wired authentication works only if the clients are
directly attached to the wired authentication port, or are attached
through a hub that does not block forwarding of packets from the client
to the PAE group address (01:80:c2:00:00:03).

Wired authentication works in accordance with the 802.1X specification,
which prohibits a client from sending traffic directly to an authenticator’s
MAC address until the client is authenticated. Instead of sending traffic to
the authenticator’s MAC address, the client sends packets to the PAE
group address.

The 802.1X specification prohibits networking devices from forwarding
PAE group address packets, because this would make it possible for
multiple authenticators to acquire the same client.

For non-802.1X clients, who use MAC authentication, WebAAA, or
last-resort authentication, wired authentication works if the clients are
directly attached or indirectly attached.

Table 19 Wired Authentication Port Details

Port Parameter

Setting

VLAN membership

Removed from all VLANs. You cannot assign a MAP access
port to a VLAN. MSS automatically assigns MAP access ports
to VLANs based on user traffic.

Spanning Tree
Protocol (STP)

Not applicable

802.1X

Uses authentication parameters configured for users.

Port groups

Not applicable

IGMP snooping

Enabled as users are authenticated and join VLANs.

Maximum user sessions 1 (one).

Fallthru authentication
type

None