Alcatel Carrier Internetworking Solutions 6300-24 Network Card User Manual


 
Command Line Interface
4-76
4
To use port security, first allow the switch to dynamically learn the <source
MAC address, VLAN> pair for frames received on a port for an initial training
period, and then enable port security to stop address learning. Be sure you
enable the learning function long enough to ensure that all valid VLAN
members have been registered on the selected port.
To add new VLAN members at a later time, you can manually add secure
addresses with the mac-address-table static command, or turn off port
security to re-enable the learning function long enough for new VLAN members
to be registered. Learning may then be disabled again, if desired, for security.
A secure port has the following restrictions:
- Cannot use port monitoring.
- Cannot be a multi-VLAN port.
- Cannot be connected to a network interconnection device.
- Cannot be a trunk port.
If a port is disabled due to a security violation, it must be manually re-enabled
using the no shutdown command.
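The learn-then-lock procedure described above can be checked against observed traffic before port security is enabled. The following is an added example, not code from the manual or the switch vendor: a simplified Python model of one secure port, where SecurePort, replay, the action names "trap" and "shutdown", the sample frames, and the assumption that frames from unlearned sources are dropped are all constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class SecurePort:
    action: str = "trap"        # model's own names: "trap" or "shutdown"
    learning: bool = True       # True during the initial training period
    enabled: bool = True
    table: set = field(default_factory=set)        # secure (MAC, VLAN) pairs
    violations: list = field(default_factory=list)

    def add_static(self, mac, vlan):
        # Models manually adding a secure address after learning has stopped.
        self.table.add((mac.lower(), vlan))

    def no_shutdown(self):
        # Models the manual re-enable required after a violation disables the port.
        self.enabled = True

    def receive(self, mac, vlan):
        """Return True if a frame from this source is accepted by the model."""
        pair = (mac.lower(), vlan)
        if not self.enabled:
            return False
        if pair in self.table:
            return True
        if self.learning:
            self.table.add(pair)            # training period: learn the pair
            return True
        self.violations.append(pair)        # locked port: unknown source
        if self.action == "shutdown":
            self.enabled = False
        return False                        # assumption: the frame is dropped

def replay(frames, lock_at, action="trap"):
    """Replay (time, mac, vlan) frames, stopping learning at time lock_at."""
    port = SecurePort(action=action)
    for t, mac, vlan in sorted(frames):
        if t >= lock_at:
            port.learning = False
        port.receive(mac, vlan)
    return port

# Constructed sample traffic: the third host first transmits at t=90 seconds.
FRAMES = [(1, "00-11-22-33-44-55", 1), (5, "00-11-22-33-44-66", 1),
          (90, "00-11-22-33-44-77", 1), (95, "00-11-22-33-44-55", 1)]

if __name__ == "__main__":
    for window in (60, 120):
        print(window, replay(FRAMES, window).violations)
```

A 60-second training window misses the late host and records it as a violation, while a 120-second window learns all three members.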
Example
The following example enables port security for port 5, and sets the response to a
security violation to issue a trap message:
Console(config)#interface ethernet 1/5
Console(config-if)#port security action trap
Related Commands
shutdown (4-135)
mac-address-table static (4-157)
show mac-address-table (4-158)
802.1x Port Authentication
The switch supports IEEE 802.1x (dot1x) port-based access control that prevents
unauthorized access to the network by requiring users to first submit credentials for
authentication. Client authentication is controlled centrally by a RADIUS server
using EAP (Extensible Authentication Protocol).
Table 4-31. 802.1X Port Authentication Commands

| Command | Function | Mode | Page |
|---|---|---|---|
| authentication dot1x default | Sets the default authentication server type | GC | 4-77 |
| dot1x default | Resets all dot1x parameters to their default values | GC | 4-77 |
| dot1x max-req | Sets the maximum number of times that the switch retransmits an EAP request/identity packet to the client before it times out the authentication session | GC | 4-78 |
| dot1x port-control | Sets dot1x mode for a port interface | IC | 4-78 |
| dot1x operation-mode | Allows single or multiple hosts on a dot1x port | IC | 4-79 |
| dot1x re-authenticate | Forces re-authentication on specific ports | PE | 4-79 |
| dot1x re-authentication | Enables re-authentication for all ports | GC | 4-80 |