3com WXR100 3CRWXR10095A User Manual
532
C
HAPTER
23: M
ANAGING
802.1X
ON
THE
WX S
WITCH
The default setting is enable, which permits 802.1X authentication to
occur as determined by the set dot1X port-control command for each
wired authentication port. The disable setting forces all wired
authentication ports to unconditionally authorize all 802.1X
authentication attempts by users with an EAP success message.
occur as determined by the set dot1X port-control command for each
wired authentication port. The disable setting forces all wired
authentication ports to unconditionally authorize all 802.1X
authentication attempts by users with an EAP success message.
To reenable 802.1X authentication on wired authentication ports, type
the following command:
the following command:
WX1200# set dot1x authcontrol enable
success: dot1x authcontrol enabled.
success: dot1x authcontrol enabled.
Setting 802.1X Port
Control
The following command specifies the way a wired authentication port or
group of ports handles user 802.1X authentication attempts:
group of ports handles user 802.1X authentication attempts:
set dot1x port-control
{forceauth | forceunauth | auto} port-list
{forceauth | forceunauth | auto} port-list
The default setting is auto, which allows the WX switch to process
802.1X authentication normally according to the authentication
configuration. Alternatively, you can set a wired authentication port or
ports to either unconditionally authenticate or unconditionally reject all
users.
802.1X authentication normally according to the authentication
configuration. Alternatively, you can set a wired authentication port or
ports to either unconditionally authenticate or unconditionally reject all
users.
For example, the following command forces port 1 to unconditionally
authenticate all 802.1X authentication attempts with an EAP success
message:
authenticate all 802.1X authentication attempts with an EAP success
message:
WX1200# set dot1x port-control forceauth 1
success: authcontrol for 1 is set to FORCE-AUTH.
success: authcontrol for 1 is set to FORCE-AUTH.
Similarly, the following command forces port 2 to unconditionally reject
any 802.1X attempts with an EAP failure message:
any 802.1X attempts with an EAP failure message:
WX1200# set dot1x port-control forceunauth 2
success: authcontrol for 2 is set to FORCE-UNAUTH.
success: authcontrol for 2 is set to FORCE-UNAUTH.
The set dot1x port-control command is overridden by the set dot1x
authcontrol command. The clear dot1x port-control command
returns port control to the default auto value.
authcontrol command. The clear dot1x port-control command
returns port control to the default auto value.
Type the following command to reset port control for all wired
authentication ports:
authentication ports:
WX1200# clear dot1x port-control
success: change accepted.
success: change accepted.