Dot1x port-control – Microsens MS453490M Management Guide User Manual
Page 623
C
HAPTER
24
| Authentication Commands
802.1X Port Authentication
– 623 –
D
EFAULT
Single-host
C
OMMAND
M
ODE
Interface Configuration
C
OMMAND
U
SAGE
◆
The “max-count” parameter specified by this command is only effective
if the dot1x mode is set to “auto” by the
command.
◆
In “multi-host” mode, only one host connected to a port needs to pass
authentication for all other hosts to be granted network access.
Similarly, a port can become unauthorized for all hosts if one attached
host fails re-authentication or sends an EAPOL logoff message.
◆
In “mac-based-auth” mode, each host connected to a port needs to
pass authentication. The number of hosts allowed access to a port
operating in this mode is limited only by the available space in the
secure address table (i.e., up to 1024 addresses).
E
XAMPLE
Console(config)#interface eth 1/2
Console(config-if)#dot1x operation-mode multi-host max-count 10
Console(config-if)#
dot1x port-control
This command sets the dot1x mode on a port interface. Use the no form to
restore the default.
S
YNTAX
dot1x port-control {auto | force-authorized |
force-unauthorized}
no dot1x port-control
auto – Requires a dot1x-aware connected client to be authorized by
the RADIUS server. Clients that are not dot1x-aware will be denied
access.
force-authorized – Configures the port to grant access to all
clients, either dot1x-aware or otherwise.
force-unauthorized – Configures the port to deny access to all
clients, either dot1x-aware or otherwise.
D
EFAULT
force-authorized
C
OMMAND
M
ODE
Interface Configuration