Dot1x system-auth-control, Dot1x default, Dot1x max-req – Asante Technologies 40240/40480-10G User Manual

dot1x port-control

This command sets the dot1x mode on a port interface. Use the no form to restore
the default.

Syntax

dot1x port-control {auto | force-authorized | force-unauthorized}
no dot1x port-control

•

auto – Requires a dot1x-aware connected client to be authorized by the

RADIUS server. Clients that are not dot1x-aware will be denied access.

• force-authorized – Configures the port to grant access to all clients, either

dot1x-aware or otherwise.

•

force-unauthorized – Configures the port to deny access to all clients,

either dot1x-aware or otherwise.

Default

force-authorized

Command Mode

Interface Configuration

Command Usage

• 802.1X port authentication and port security cannot be configured together on

the same port. Only one of these security mechanisms can be applied.

• 802.1X port authentication cannot be configured on trunk ports. In other

words, a static trunk or dynamically configured trunk cannot be set to auto or
force-unauthorized mode.

•

When 802.1X authentication is enabled on a port, the MAC address learning

function for this interface is disabled, and the addresses dynamically learned
on this port are removed.

•

Authenticated MAC addresses are stored as dynamic entries in the switch’s

secure MAC address table. Configured static MAC addresses are added to
the secure address table when seen on a switch port. Static addresses are
treated as authenticated without sending a request to a RADIUS server.

• When port status changes to down, all MAC addresses are cleared from the

secure MAC address table. Static VLAN assignments are not restored.

Example

Console(config)#interface eth 1/2

Console(config-if)#dot1x port-control auto

Console(config-if)#

25-28

User Authentication Commands

25