Setting the port authorization state, Specifying an access control method – H3C Technologies H3C S6300 Series Switches User Manual

72

NOTE:

If EAP relay mode is used, the user-name-format command configured in RADIUS scheme view does not
take effect. The access device sends the authentication data from the client to the server without any
modification.

Setting the port authorization state

The port authorization state determines whether the client is granted access to the network. You can

control the authorization state of a port by using the dot1x port-control command and the following

keywords:

•

authorized-force—Places the port in the authorized state, enabling users on the port to access the
network without authentication.

•

unauthorized-force—Places the port in the unauthorized state, denying any access requests from
users on the port.

•

auto—Places the port initially in unauthorized state to allow only EAPOL packets to pass. After a
user passes authentication, sets the port in the authorized state to allow access to the network. You

can use this option in most scenarios.

To set the authorization state of a port:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter Layer 2 Ethernet
interface view.

interface interface-type
interface-number

N/A

3.

Set the port authorization

state.

dot1x port-control { authorized-force |
auto | unauthorized-force }

By default, auto applies.

Specifying an access control method

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter Layer 2 Ethernet
interface view.

interface interface-type
interface-number

N/A

3.

Specify an access control
method.

dot1x port-method { macbased |
portbased }

By default, MAC-based access
control applies.

Setting the maximum number of concurrent 802.1X

users on a port

Perform this task to prevent the system resources from being overused.
To set the maximum number of concurrent 802.1X users on a port: