dot1x port-control
This command sets the dot1x mode on a port interface. Use the no form to restore
the default.
Syntax
dot1x port-control {auto | force-authorized | force-unauthorized}
no dot1x port-control
• auto – Requires a dot1x-aware connected client to be authorized by the
RADIUS server. Clients that are not dot1x-aware will be denied access.
• force-authorized – Configures the port to grant access to all clients, either
dot1x-aware or otherwise.
• force-unauthorized – Configures the port to deny access to all clients,
either dot1x-aware or otherwise.
Default
force-authorized
Command Mode
Interface Configuration
Command Usage
• 802.1X port authentication and port security cannot be configured together on
the same port. Only one of these security mechanisms can be applied.
• 802.1X port authentication cannot be configured on trunk ports. In other
words, a static trunk or dynamically configured trunk cannot be set to auto or
force-unauthorized mode.
• When 802.1X authentication is enabled on a port, the MAC address learning
function for this interface is disabled, and the addresses dynamically learned
on this port are removed.
• Authenticated MAC addresses are stored as dynamic entries in the switch’s
secure MAC address table. Configured static MAC addresses are added to
the secure address table when seen on a switch port. Static addresses are
treated as authenticated without sending a request to a RADIUS server.
• When port status changes to down, all MAC addresses are cleared from the
secure MAC address table. Static VLAN assignments are not restored.
Example
Console(config)#interface eth 1/2
Console(config-if)#dot1x port-control auto
Console(config-if)#
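Because the default is force-authorized, any port without an explicit dot1x port-control auto line admits every client. The following Python lint for a candidate configuration is an added example, not part of the original manual; the interface block layout, the `port security` line spelling and the sample text are assumptions constructed for illustration.

```python
import re
DEFAULT_MODE = "force-authorized"  # default stated in the command reference
MODES = {"auto", "force-authorized", "force-unauthorized"}
# Assumption: spelling of the port-security config line; adjust to your firmware.
PORT_SECURITY_MARKER = "port security"
IFACE_RE = re.compile(r"interface\s+eth(?:ernet)?\s+(\d+/\d+)\s*$")

# Constructed sample configuration, not output captured from a real switch.
SAMPLE_CONFIG = """\
interface ethernet 1/1
 dot1x port-control auto
!
interface ethernet 1/2
 dot1x port-control auto
 port security
!
interface ethernet 1/3
!
interface ethernet 1/4
 dot1x port-control auto
 no dot1x port-control
"""

def effective_modes(config_text):
    # Map each port to its effective dot1x mode, applying the default
    # when no mode is set or when the "no" form restores it.
    ports, current = {}, None
    for raw in config_text.splitlines():
        m = IFACE_RE.match(raw)
        if m:
            current = ports.setdefault(m.group(1), {"mode": DEFAULT_MODE, "port_security": False})
            continue
        if current is None or not raw.startswith(" "):
            current = None  # "!" or another top-level line ends the block
            continue
        line = raw.strip()
        if line == "no dot1x port-control":
            current["mode"] = DEFAULT_MODE
        elif line.startswith("dot1x port-control ") and line.split()[-1] in MODES:
            current["mode"] = line.split()[-1]
        elif line.startswith(PORT_SECURITY_MARKER):
            current["port_security"] = True
    return ports

def audit(config_text):
    findings = []
    for port, st in sorted(effective_modes(config_text).items()):
        if st["mode"] == DEFAULT_MODE:
            findings.append((port, "force-authorized: all clients admitted without 802.1X"))
        elif st["port_security"]:
            findings.append((port, "802.1X and port security set on the same port"))
    return findings
```

Calling `audit(SAMPLE_CONFIG)` reports ports 1/2, 1/3 and 1/4; port 1/4 is flagged because the no form put it back to the default.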
User Authentication Commands