Alcatel-Lucent 6850-48 参考指南
802.1X Commands
page 59-2
OmniSwitch CLI Reference Guide
September 2009
802.1x
Configures 802.1X parameters on a particular slot/port. Typically used for port access control on a dedi-
cated 802.1X port.
cated 802.1X port.
802.1x slot/port [direction {both | in}] [port-control {force-authorized | force-unauthorized | auto}]
[quiet-period seconds] [tx-period seconds] [supp-timeout seconds] [server-timeout seconds] [max-req
max_req] [re-authperiod seconds] [reauthentication | no reauthentication]
[quiet-period seconds] [tx-period seconds] [supp-timeout seconds] [server-timeout seconds] [max-req
max_req] [re-authperiod seconds] [reauthentication | no reauthentication]
Syntax Definitions
slot/port
The slot and port number of the 802.1x port.
both
Configures bidirectional control on the port.
in
Configures control over incoming traffic only.
force-authorized
Forces the port control to be authorized, which means that the port is
open without restrictions and behaves as any other non-802.1X port.
Devices do not need to authenticate to traffic through the port.
open without restrictions and behaves as any other non-802.1X port.
Devices do not need to authenticate to traffic through the port.
force-unauthorized
Forces the port control to be unauthorized, which means the port cannot
accept any traffic.
accept any traffic.
auto
Configures the switch to dynamically control the port control status
based on authentication exchanges between the 802.1X end station and
the switch. Initially the port is in an unauthorized state; it becomes
authorized if a device successfully completes an 802.1X authentication
exchange with the switch.
based on authentication exchanges between the 802.1X end station and
the switch. Initially the port is in an unauthorized state; it becomes
authorized if a device successfully completes an 802.1X authentication
exchange with the switch.
quiet-period seconds
The time during which the port will not accept an 802.1X authentica-
tion attempt; the timer is activated after any authentication failure.
During the time period specified, the switch will ignore and discard all
Extensible Authentication Protocol over LAN (EAPOL) packets. The
range is 0 to 65535 seconds.
tion attempt; the timer is activated after any authentication failure.
During the time period specified, the switch will ignore and discard all
Extensible Authentication Protocol over LAN (EAPOL) packets. The
range is 0 to 65535 seconds.
tx-period seconds
The time before an EAP Request Identity will be re-transmitted. The
range is 1 to 65535 seconds.
range is 1 to 65535 seconds.
supp-timeout seconds
The number of seconds before the switch will time out an 802.1X user
who is attempting to authenticate. The value should be modified to be a
greater value if the authentication process will require additional steps
by the user (for example, entering a challenge).
who is attempting to authenticate. The value should be modified to be a
greater value if the authentication process will require additional steps
by the user (for example, entering a challenge).
server-timeout seconds
The timeout for the authentication server for authentication attempts.
This value is always superseded by the value configured for the
RADIUS authentication server configured through the
This value is always superseded by the value configured for the
RADIUS authentication server configured through the
max_req
The maximum number of times the switch will retransmit a request for
authentication information (request identity, password, challenge, etc.)
to the 802.1X user before it times out the authentication session based
on the supp-timeout. The range is 1 to 10.
authentication information (request identity, password, challenge, etc.)
to the 802.1X user before it times out the authentication session based
on the supp-timeout. The range is 1 to 10.