Specifying the access control method – H3C Technologies H3C S7500E Series Switches User Manual

Page 105

5-15

You can specify the port authorization mode in both system view and interface view. The former

applies to multiple ports while the latter applies to the current port only. If both a global setting

and a local setting exist on a port, the one configured later takes effect.

Follow these steps to specify the port authorization mode:

To do…

Use the command…

Remarks

Enter system view

system-view

—

In system view

dot1x port-control

{ authorized-force | auto |

unauthorized-force }

[ interface interface-list ]

interface interface-type

interface-number

Specify the

port

authorization

mode

In Ethernet

interface view

dot1x port-control

{ authorized-force | auto |

unauthorized-force }

Optional

Use either approach.

auto by default

Specifying the Access Control Method

Switches not only implement the port-based access control method defined in the 802.1X

protocol, but also extend and optimize the protocol by supporting the MAC-based access

control method.

Port-based access control: With this method configured on a port, after a user connected to

the port passes authentication, all subsequent users of the port can access network

resources without authentication. However, when the authenticated user logs off, the

others are denied as well.

MAC-based access control: With this method configured on a port, all users of the port

must be authenticated separately, and when a user logs off, no other users are affected.

You can specify the access control method in system view for multiple ports, or in interface view

for only the current port. If both a global setting and a local setting exist on a port, the one

configured later takes effect.

Follow these steps to specify the access control method: