16 dot1x port-method, X port, Control – PLANET XGS3-24040 User Manual

Commands for Security Function Chapter 2 Commands for 802.1x

42-29

Switch(Config-If-Ethernet1/3)#dot1x max-user userbased 5

42.15 dot1x port-control

Command: dot1x port-control {auto|force-authorized|force-unauthorized }

no dot1x port-control

Function: Sets the 802.1x authentication status; the “no dot1x port-control” command restores the

default setting.

Parameters: auto enable 802.1x authentication, the port authorization status is determined by the

authentication information between the switch and the supplicant; force-authorized sets port to

authorized status, unauthenticated data is allowed to pass through the port; force-unauthorized will set

the port to non-authorized mode, the switch will not provide authentication for the supplicant and prohibit

data from passing through the port.

Command mode: Port configuration Mode

Default: When 802.1x is enabled for the port, auto is set by default.

Usage Guide: If the port needs to provide 802.1x authentication for the user, the port authentication

mode should be set to auto.

Example: Setting port1/1 to require 802.1x authentication mode.

Switch(Config-If-Ethernet1/1)#dot1x port-control auto

Switch(config)#interface ethernet 1/1

Switch(Config-If-Ethernet1/1)#dot1x port-control auto

42.16 dot1x port-method

Command: dot1x port-method {macbased | portbased | webbased | userbased advanced}

no dot1x port-method

Function: To configure the access control method of appointed interface. The no form command

restores the default access control method.

Parameter: macbased means the access control method based on MAC address; portbased means

the access control method based on port; webbased means the access control method based on web

authentication; userbased means the access control method based on user, it can be divided into two

types, one is standard access control method, and the other is advanced access control method.

Command mode: Port Configuration Mode.

Default: Advanced access control method based on user is used by default.

Usage Guide: This command is used to configure the dot1x authentication method for the specified port.

When port based authentication is applied, only one host can authenticate itself through one port. And

after authentication, the host will be able to access all the resources. When MAC based authentication is

applied, multiple host which are connected to one port can access all the network resources after

authentication. When either of the above two kinds of access control is applied, un-authenticated host

cannot access any resources in the network.

When user based access control is applied, un-authenticated users can only access limited

resources of the network. The user based access control falls into two kinds – the standard access

control and the advanced access control. The standard user based access control does not limit the