4 debug dot1x packet, Debug dot, X packet – PLANET XGS3-24040 User Manual

Commands for Security Function Chapter 2 Commands for 802.1x

42-24

Command Mode: Admin Mode.

Parameters: all: Enable the debug information of dot1x state machine;

aksm: Enable the debug information of Authenticator Key Transmit state machine;

asm: Enable the debug information of Authenticator state machine;

basm: Enable the debug information of Backend Authentication state machine;

ratsm: Enable the debug information of Re-Authentication Timer state machine;

: the name of the interface.

Usage Guide: By enabling the debug information of dot1x, users can check the negotiation process of

dot1x protocol, which might help diagnose the cause of faults if there is any.

Example: Enable the debug information of dot1x state machine.

Switch#debug dot1x fsm asm interface ethernet1/1

42.4 debug dot1x packet

Command: debug dot1x packet {all | receive | send} interface <interface-name>

no debug dot1x packet {all | receive | send} interface

Function: Enable the debug information of dot1x about messages; the no operation of this command will

disable that debug information.

Command Mode: Admin Mode.

Parameters: send: Enable the debug information of dot1x about sending packets;

receive: Enable the debug information of dot1x about receiving packets;

all: Enable the debug information of dot1x about both sending and receiving packets;

<interface-name>: the name of the interface.

Usage Guide: By enabling the debug information of dot1x about messages, users can check the

negotiation process of dot1x protocol, which might help diagnose the cause of faults if there is any.

Example: Enable the debug information of dot1x about messages.

Switch#debug dot1x packet all interface ethernet1/1

42.5 dot1x accept-mac

Command: dot1x accept-mac <mac-address> [interface <interface-name>]

no dot1x accept-mac [interface ]

Function: Add a MAC address entry to the dot1x address filter table. If a port is specified, the entry

added applies to the specified port only. If no port is specified, the entry added applies to all the ports.

The “no dot1x accept-mac [interface ]” command deletes the entry

from dot1x address filter table.

Parameters: stands for MAC address;

for interface name and port number.

Command mode: Global Mode.

Default: N/A.

Usage Guide: The dot1x address filter function is implemented according to the MAC address filter table,

dot1x address filter table is manually added or deleted by the user. When a port is specified in adding a

dot1x address filter table entry, that entry applies to the port only; when no port is specified, the entry

applies to all ports in the switch. When dot1x address filter function is enabled, the switch will filter the