3 dot1x port-control – CANOGA PERKINS 9175 Command Reference User Manual

CanogaOS Command Reference

37-2

Usage

You should change the default value of this command only to adjust for unusual circumstances such as

unreliable links or specific behavioral problems with certain clients and authentication servers.

Examples

The following is sample output from the dot1x max-reauth-req command:

Switch(config-if)# dot1x max-reauth-req 4

Related Commands

show dot1x

37.3 dot1x port-control

Use the dot1x port-control interface configuration command on the switch to enable manual control of

the authorization state of the port. Use the no form of this command to return to the default setting.

Command Syntax

dot1x port-control {auto | force-authorized | force-unauthorized | dir {both | in}}

no dot1x port-control

auto

Enable IEEE 802.1x authentication on the port and cause the port to

change to the authorized or unauthorized state based on the IEEE

802.1x authentication exchange between the switch and the client.

force-authorized

Disable IEEE 802.1x authentication on the port and cause the port to

transition to the authorized state without an authentication exchange.

The port sends and receives normal traffic without IEEE 802.1x-based

authentication of the client.

force-unauthorized

Deny all access through this port by forcing the port to change to the

unauthorized state, ignoring all attempts by the client to authenticate.

The switch cannot provide authentication services to the client through

the port.

dir {both | in}

Specify the dot1x control direction.

both

Discard received and transmitted packets.

in

Discard received packets only.

Default

The default is force-authorized.

Command Mode

Interface configuration

Usage

You must globally enable IEEE 802.1x authentication on the switch by using the dot1x

system-auth-control global configuration command before enabling IEEE 802.1x authentication on a