3com 3.01.01 User Manual
268
C
HAPTER
9: AAA
AND
RADIUS O
PERATION
Perform the following configurations in system view or Ethernet port view.
User can configure 802.1x on an individual port. The configuration will take effect
right after 802.1x is enabled globally.
right after 802.1x is enabled globally.
By default, 802.1x authentication has not been enabled globally, or on any port.
Setting the Port Access Control Mode
The following commands can be used for setting 802.1x access control mode on
the specified port. When no port is specified, the access control mode of all ports
is configured.
the specified port. When no port is specified, the access control mode of all ports
is configured.
Perform the following configurations in system view or Ethernet port view.
By default, access control on the port is auto (automatic identification mode,
which is also called protocol control mode). That is, the initial state of the port is
unauthorized. It only permits EAPoL packets receiving/transmitting, and does not
permit the user to access the network resources. If the authentication flow is
passed, the port will be switched to the authorized state and permit the user to
access the network resources; this is most common.
which is also called protocol control mode). That is, the initial state of the port is
unauthorized. It only permits EAPoL packets receiving/transmitting, and does not
permit the user to access the network resources. If the authentication flow is
passed, the port will be switched to the authorized state and permit the user to
access the network resources; this is most common.
Setting Port Access Control Method
The following commands are used for setting 802.1x access control method on
the specified port. When no port is specified in system view, the access control
method of the port is configured globally.
the specified port. When no port is specified in system view, the access control
method of the port is configured globally.
Perform the following configurations in system view or Ethernet port view.
By default, 802.1x authentication method on the port is MAC-based. That is,
authentication is performed based on MAC addresses.
authentication is performed based on MAC addresses.
Table 1 Enable/Disable 802.1x
Operation
Command
Enable the 802.1x
dot1x [interface interface-list]
Disable the 802.1x
undo dot1x [interface interface-list]
Table 2 Set the Port Access Control Mode
Operation
Command
Set the port access control mode.
dot1x port-control {authorized- force |
unauthorized-force | auto} [interface
interface-list]
unauthorized-force | auto} [interface
interface-list]
Restore the default access control mode of the
port.
port.
undo dot1x port-control [interface
interface-list]
interface-list]
Table 3 Set Port Access Control Method
Operation
Command
Set port access control method
dot1x port-method {macbased |
portbased} [interface interface-list]
portbased} [interface interface-list]
Restore the default port access control
method
method
undo dot1x port-method [interface
interface-list]
interface-list]