Authentication manager cli commands – Dell POWEREDGE M1000E User Manual

10-9

Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide

OL-13270-03

Chapter 10 Configuring IEEE 802.1x Port-Based Authentication

Understanding IEEE 802.1x Port-Based Authentication

Authentication Manager CLI Commands

The authentication-manager interface-configuration commands control all the authentication methods,
such as 802.1x, MAC authentication bypass, and web authentication. The authentication manager
commands determine the priority and order of authentication methods applied to a connected host.

The authentication manager commands control generic authentication features, such as host-mode,
violation mode, and the authentication timer. Generic authentication commands include the
authentication host-mode, authentication violation, and authentication timer interface
configuration commands.

802.1x-specific commands begin with the dot1x keyword.

For example, the authentication

port-control auto interface configuration command enables authentication on an interface. However,
the dot1x system-authentication control global configuration command only globally enables or
disables 802.1x authentication.

Note

If 802.1x authentication is globally disabled, other authentication methods are still enabled on that port,
such as web authentication.

The authentication manager commands provide the same functionality as earlier 802.1x commands.

Table 10-2

Authentication Manager Commands and Earlier 802.1x Commands

The authentication manager
commands in Cisco IOS
Release 12.2(50)SE or later

The equivalent 802.1x commands in
Cisco IOS Release 12.2(46)SE and
earlier

Description

authentication control-direction
{both | in}

dot1x control-direction {both |
in}

Enable 802.1x authentication with the
wake-on-LAN (WoL) feature, and configure the
port control as unidirectional or bidirectional.

authentication event

dot1x auth-fail vlan

dot1x critical (interface
configuration)

dot1x guest-vlan6

Enable the restricted VLAN on a port.

Enable the inaccessible-authentication-bypass
feature.

Specify an active VLAN as an 802.1x guest
VLAN.

authentication fallback
fallback-profile

dot1x fallback fallback-profile

Configure a port to use web authentication as a
fallback method for clients that do not support
802.1x authentication.

authentication host-mode
[multi-auth | multi-domain |
multi-host | single-host]

dot1x host-mode {single-host |
multi-host | multi-domain}

Allow a single host (client) or multiple hosts on
an 802.1x-authorized port.

authentication order

dot1x mac-auth-bypass

Enable the MAC authentication bypass feature.

authentication periodic

dot1x reauthentication

Enable periodic re-authentication of the client.

authentication port-control {auto
| force-authorized | force-un
authorized}

dot1x port-control {auto |
force-authorized |
force-unauthorized}

Enable manual control of the authorization state of
the port.

authentication timer

dot1x timeout

Set the 802.1x timers.