1x port authentication, Table 4-31, 1x port authentication commands – Alcatel Carrier Internetworking Solutions OmniStack 6300-24 User Manual

Page 288


Command Line Interface

4-76


• To use port security, first allow the switch to dynamically learn the <source MAC address, VLAN> pair for frames received on a port for an initial training period, and then enable port security to stop address learning. Be sure you enable the learning function long enough to ensure that all valid VLAN members have been registered on the selected port.

• To add new VLAN members at a later time, you can manually add secure addresses with the mac-address-table static command, or turn off port security to re-enable the learning function long enough for new VLAN members to be registered. Learning may then be disabled again, if desired, for security.

• A secure port has the following restrictions:

- Cannot use port monitoring.
- Cannot be a multi-VLAN port.
- Cannot be connected to a network interconnection device.
- Cannot be a trunk port.

• If a port is disabled due to a security violation, it must be manually re-enabled using the no shutdown command.

Example
The following example enables port security for port 5, and sets the response to a
security violation to issue a trap message:

Console(config)#interface ethernet 1/5
Console(config-if)#port security action trap

Related Commands

shutdown (4-135)
mac-address-table static (4-157)
show mac-address-table (4-158)

802.1x Port Authentication

The switch supports IEEE 802.1x (dot1x) port-based access control that prevents
unauthorized access to the network by requiring users to first submit credentials for
authentication. Client authentication is controlled centrally by a RADIUS server
using EAP (Extensible Authentication Protocol).
Table 4-31. 802.1X Port Authentication Commands

| Command | Function | Mode | Page |
|---|---|---|---|
| authentication dot1x default | Sets the default authentication server type | GC | 4-77 |
| dot1x default | Resets all dot1x parameters to their default values | GC | 4-77 |
| dot1x max-req | Sets the maximum number of times that the switch retransmits an EAP request/identity packet to the client before it times out the authentication session | GC | 4-78 |
| dot1x port-control | Sets dot1x mode for a port interface | IC | 4-78 |
| dot1x operation-mode | Allows single or multiple hosts on a dot1x port | IC | 4-79 |
| dot1x re-authenticate | Forces re-authentication on specific ports | PE | 4-79 |
| dot1x re-authentication | Enables re-authentication for all ports | GC | 4-80 |
