Filter
Top Products
CLI (Command Line Interface)
206
NXA-ENET24 - Software Management Guide
802.1x Port Authentication Commands (Cont.)
Command Function
dot1x port-control
This command sets the dot1x
mode on a port interface.
Use the no form to restore the
default.
Syntax:
dot1x port-control {auto | force-authorized |
force-unauthorized}
no dot1x port-control
• auto – Requires a dot1x-aware connected client to be authorized by the
RADIUS server. Clients that are not dot1x-aware will be denied access.
• force-authorized – Configures the port to grant access to all clients,
either dot1x-aware or otherwise.
• force-unauthorized – Configures the port to deny access to all clients,
either dot1x-aware or otherwise.
Default: force-authorized
Command Mode: Interface Configuration
Example:
Console(config)#interface eth 1/2
Console(config-if)#dot1x port-control auto
Console(config-if)#
dot1x operation-mode
This command allows single or
multiple hosts (clients) to connect
to an 802.1X-authorized port.
Use the no form with no keywords
to restore the default to single
host.
Use the no form with the multi-host
max-count keywords to restore the
default maximum count.
Syntax:
dot1x operation-mode {single-host | multi-host [max-count
count]}
no dot1x operation-mode [multi-host max-count]
• single-host – Allows only a single host to connect to this port.
• multi-host – Allows multiple host to connect to this port.
• max-count – Keyword for the maximum number of hosts.
• count – The maximum number of hosts that can connect to a port.
(Range: 1-20; Default: 5)
Default: Single-host
Command Mode: Interface Configuration
Command Usage: The “max-count” parameter specified by this
command is only effective if the dot1x mode is set to “auto” by the dot1x
port-control command (page 4-83).
In “multi-host” mode, only one host connected to a port needs to pass
authentication for all other hosts to be granted network access. Similarly,
a port can become unauthorized for all hosts if one attached host fails
re-authentication or sends an EAPOL logoff message.
Example:
Console(config)#interface eth 1/2
Console(config-if)#dot1x operation-mode multi-host max-count
10
Console(config-if)#
dot1x re-authenticate
This command forces re-
authentication on all ports or a
specific interface.
Syntax:
dot1x re-authenticate [interface]
•interface
ethernet unit/port
unit - Stack unit. (Range: 1-8)
port - Port number. (Range: 1-26)
Command Mode: Privileged Exec
Example:
Console#dot1x re-authenticate
Console#
dot1x re-authentication
This command enables periodic
re-authentication globally for all
ports.
Use the no form to disable re-
authentication.
Syntax:
[no] dot1x re-authentication
Command Mode: Interface Configuration
Example:
Console(config)#interface eth 1/2
Console(config-if)#dot1x re-authentication
Console(config-if)#