Dot1x single-host-violation, Dot1x mac-authentication – Allied Telesis AT-S95 CLI User Manual

Page 328

Not approved by Document Control. For review only.

Allied Telesis

Command Line Interface User’s Guide

dot1x single-host-violation

The dot1x single-host-violation Interface Configuration (Ethernet) mode command configures the action to be
taken, when a station whose MAC address is not the supplicant MAC address, attempts to access the interface.
Use the no form of this command to restore defaults.

Syntax

dot1x single-host-violation {forward | disgard | disgard-shutdown [ trap seconds ]

no port dot1x single-host-violation

Parameters
•

forward — Forwards frames with source addresses that are not the supplicant address, but does not learn
the source addresses.

•

discard — Discards frames with source addresses that are not the supplicant address.

•

discard-shutdown — Discards frames with source addresses that are not the supplicant address. The port
is also shut down.

•

trap seconds— Indicates that SNMP traps are sent. Specifies the minimum amount of time in seconds
between consecutive traps. (Range: 1- 1000000

)

Default Configuration

Frames with source addresses that are not the supplicant address are discarded.

No traps are sent.

Command Mode

Interface Configuration (Ethernet) mode

User Guidelines

The command is relevant when multiple hosts is disabled and the user has been successfully authenticated.

Example

The following example forwards frames with source addresses that are not the supplicant address and sends
consecutive traps at intervals of 100 seconds.

dot1x mac-authentication

The mac-authentication Interface Configuration mode command enables authentication based on the station's
MAC address. Use the no form of this command to disable MAC authentication.

Syntax

dot1x mac-authentication {mac-only | mac-and-802.1x}

no dot1x mac-authentication

Console(config)# interface ethernet 1/16
Console(config-if)# dot1x single-host-violation forward trap 100