Dot1x operation-mode – LevelOne FGL-2870 User Manual

Authentication Commands

4-147

4

Default

force-authorized

Command Mode

Interface Configuration

Command Usage

• 802.1X port authentication and port security cannot be configured together on

the same port. Only one of these security mechanisms can be applied.

• 802.1X port authentication cannot be configured on trunk ports. In other

words, a static trunk or dynamically configured trunk cannot be set to auto or
force-unauthorized mode.

• When 802.1X authentication is enabled on a port, the MAC address learning

function for this interface is disabled, and the addresses dynamically learned
on this port are removed.

• Authenticated MAC addresses are stored as dynamic entries in the switch’s

secure MAC address table. Configured static MAC addresses are added to
the secure address table when seen on a switch port. Static addresses are
treated as authenticated without sending a request to a RADIUS server.

• When port status changes to down, all MAC addresses are cleared from the

secure MAC address table. Static VLAN assignments are not restored.

Example

dot1x operation-mode

This command allows single or multiple hosts (clients) to connect to an
802.1X-authorized port. Use the no form with no keywords to restore the default to
single host. Use the no form with the multi-host max-count keywords to restore the
default maximum count.

Syntax

dot1x operation-mode {single-host | multi-host [max-count count]}
no dot1x operation-mode [multi-host max-count]

• single-host – Allows only a single host to connect to this port.
• multi-host – Allows multiple host to connect to this port.
• max-count – Keyword for the maximum number of hosts.

- count – The maximum number of hosts that can connect to a port.

(Range: 1-1024; Default: 5)

Default

Single-host

Console(config)#interface eth 1/2
Console(config-if)#dot1x port-control auto
Console(config-if)#