3com 8807 User Guide
224
C
HAPTER
25: 802.1
X
C
ONFIGURATION
By default, 802.1x authentication has not been enabled globally and on any port.
You cannot enable 802.1x on a port before you enable it globally. And you must
disable 802.1x on each port before you disable 802,1x globally.
disable 802.1x on each port before you disable 802,1x globally.
Setting the Port Access
Control Mode
The following commands can be used for setting 802.1x access control mode on
the specified port. When no port is specified, the access control mode of all ports
is configured.
the specified port. When no port is specified, the access control mode of all ports
is configured.
Perform the following configuration in system view or Ethernet port view.
auto (automatic identification mode, which is also called protocol control mode).
That is, the initial state of the port is unauthorized. It only permits EAPoL packets
receiving/transmitting and does not permit the user to access the network
resources. If the authentication flow is passed, the port will be switched to the
authorized state and permit the user to access the network resources.
That is, the initial state of the port is unauthorized. It only permits EAPoL packets
receiving/transmitting and does not permit the user to access the network
resources. If the authentication flow is passed, the port will be switched to the
authorized state and permit the user to access the network resources.
The authorized-force keyword specifies the port to operate in authorized-force
mode. Ports in this mode are always authorized. Users can access a network
through this kind of port without being authorized.
mode. Ports in this mode are always authorized. Users can access a network
through this kind of port without being authorized.
The unauthorized-force keyword specifies the port to operate in
unauthorized-force mode. Ports in this mode are always unauthorized. They do
not respond to authorization requests. Users cannot access a network through this
kind of port.
unauthorized-force mode. Ports in this mode are always unauthorized. They do
not respond to authorization requests. Users cannot access a network through this
kind of port.
By default, the mode of 802.1x performing access control on the port is auto
(automatic identification mode).
(automatic identification mode).
Setting Port Access
Control Method
The following commands are used for setting 802.1x access control method on
the specified port. When no port is specified in system view, the access control
method of all ports is configured.
the specified port. When no port is specified in system view, the access control
method of all ports is configured.
Perform the following configuration in system view or Ethernet port view.
Table 184 Enable/Disable 802.1x
Operation
Command
Enable the 802.1x
dot1x [ interface interface-list ]
Disable the 802.1x
undo dot1x [ interface interface-list ]
Table 185 Set the port access control mode
Operation
Command
Set the port access control mode
dot1x port-control { authorized- force |
unauthorized-force | auto } [ interface
interface-list ]
unauthorized-force | auto } [ interface
interface-list ]
Restore the default access control mode of
the port
the port
undo dot1x port-control [ interface
interface-list ]
interface-list ]