10 dot1x port-control, 11 dot1x port-method, 12 dot1x re-authenticate – Accton Technology ES4710BD User Manual

Page 517

background image

516

E

ES4710BD 10 Slots L2/L3/L4 Chassis Switch

Default: The default maximum user allowed is 1.
Usage Guide: This command is available for ports using MAC-based access management, if MAC

address authenticated exceeds the number of allowed user, additional users will not
be able to access the network.

Example: Setting port 1/3 to allow 5 users.
Switch(Config-Ethernet1/3)#dot1x max-user 5

20.2.2.10 dot1x port-control

Command: dot1x port-control {auto|force-authorized|force-unauthorized }

no dot1x port-control

Function: Sets the 802.1x authentication status; the “no dot1x port-control” command restores the

default setting.

Parameters: auto enable 802.1x authentication, the port authorization status is determined by the

authentication information between the switch and the supplicant; force-authorized
sets port to authorized status, unauthenticated data is allowed to pass through the port;
force-unauthorized will set the port to non-authorized mode, the switch will not
provide authentication for the supplicant and prohibit data from passing through the
port.

Command mode: Port configuration Mode
Default:
When 802.1x is enabled for the port, force authorized is set by default.

Usage Guide: If the port needs to provide 802.1x authentication for the user, the port authentication

mode should be set to auto.

Example: Setting port1/1 to require 802.1x authentication mode.
Switch(Config)#interface ethernet 1/1
Switch(Config-Ethernet1/1)#dot1x port-control auto

20.2.2.11 dot1x

port-method

Command: dot1x port-method {macbased | portbased}

no dot1x port-method

Function: Sets the access management method for the specified port; the “no dot1x port-method

command restores the default access management method.

Parameters: macbased sets the MAC-based access management method; portbased sets

port-based access management.

Command mode: Port configuration Mode
Default:
MAC-based access management is used by default.
Usage Guide: MAC-based access management is better than port-based access management in both

security and management, port-based access management is suggested only for
special usages.

Example: Setting port-based access management for port 1/4.
Switch(Config-Ethernet1/4)#dot1x port-method portbased

20.2.2.12 dot1x re-authenticate

Command: dot1x re-authenticate [interface <interface-name>]
Function: Enables real-time 802.1x re-authentication (no wait timeout requires) for all ports or a