Dot1x system-auth-control, Dot1x intrusion-action – Microsens MS453490M Management Guide User Manual

C

HAPTER

24

| Authentication Commands

802.1X Port Authentication

– 621 –

E

XAMPLE

This example instructs the switch to pass all EAPOL frame through to any

ports in STP forwarding state.

Console(config)#dot1x eapol-pass-through

Console(config)#

dot1x system-auth-

control

This command enables IEEE 802.1X port authentication globally on the

switch. Use the no form to restore the default.

S

YNTAX

[no] dot1x system-auth-control

D

EFAULT

S

ETTING

Disabled

C

OMMAND

M

ODE

Global Configuration

E

XAMPLE

Console(config)#dot1x system-auth-control

Console(config)#

dot1x intrusion-

action

This command sets the port’s response to a failed authentication, either to

block all traffic, or to assign all traffic for the port to a guest VLAN. Use the

no form to reset the default.

S

YNTAX

dot1x intrusion-action {block-traffic | guest-vlan}
no dot1x intrusion-action

block-traffic - Blocks traffic on this port.
guest-vlan - Assigns the user to the Guest VLAN.

D

EFAULT

block-traffic

C

OMMAND

M

ODE

Interface Configuration

C

OMMAND

U

SAGE

For guest VLAN assignment to be successful, the VLAN must be configured

and set as active (see the

vlan database

command) and assigned as the

guest VLAN for the port (see the

network-access guest-vlan

command).