Cisco 3560x-24p 参考指南
2-178
Catalyst 3750-X and 3560-X Switch Command Reference
OL-21522-02
Chapter 2 Catalyst 3750-X and 3560-X Switch Cisco IOS Commands
dot1x port-control
dot1x port-control
Use the dot1x port-control interface configuration command on the switch stack or on a standalone
switch to enable manual control of the authorization state of the port. Use the no form of this command
to return to the default setting.
switch to enable manual control of the authorization state of the port. Use the no form of this command
to return to the default setting.
dot1x port-control {auto | force-authorized | force-unauthorized}
no dot1x port-control
Syntax Description
Defaults
The default is force-authorized.
Command Modes
Interface configuration
Command History
Usage Guidelines
You must globally enable IEEE 802.1x authentication on the switch by using the dot1x
system-auth-control global configuration command before enabling IEEE 802.1x authentication on a
specific port.
system-auth-control global configuration command before enabling IEEE 802.1x authentication on a
specific port.
The IEEE 802.1x standard is supported on Layer 2 static-access ports, voice VLAN ports, and Layer 3
routed ports.
routed ports.
You can use the auto keyword only if the port is not configured as one of these:
•
Trunk port—If you try to enable IEEE 802.1x authentication on a trunk port, an error message
appears, and IEEE 802.1x is not enabled. If you try to change the mode of an IEEE 802.1x-enabled
port to trunk, an error message appears, and the port mode is not changed.
appears, and IEEE 802.1x is not enabled. If you try to change the mode of an IEEE 802.1x-enabled
port to trunk, an error message appears, and the port mode is not changed.
•
Dynamic ports—A port in dynamic mode can negotiate with its neighbor to become a trunk port. If
you try to enable IEEE 802.1x authentication on a dynamic port, an error message appears, and
IEEE 802.1x authentication is not enabled. If you try to change the mode of an IEEE 802.1x-enabled
port to dynamic, an error message appears, and the port mode is not changed.
you try to enable IEEE 802.1x authentication on a dynamic port, an error message appears, and
IEEE 802.1x authentication is not enabled. If you try to change the mode of an IEEE 802.1x-enabled
port to dynamic, an error message appears, and the port mode is not changed.
auto
Enable authentication on the port and cause the port to change to the authorized
or unauthorized state based on the IEEE 802.1x authentication exchange
between the switch and the client.
or unauthorized state based on the IEEE 802.1x authentication exchange
between the switch and the client.
force-authorized
Disable authentication on the port and cause the port to transition to the
authorized state without an authentication exchange. The port sends and
receives normal traffic without authentication of the client.
authorized state without an authentication exchange. The port sends and
receives normal traffic without authentication of the client.
force-unauthorized
Deny all access through this port by forcing the port to change to the
unauthorized state, ignoring all attempts by the client to authenticate. The
switch cannot provide authentication services to the client through the port.
unauthorized state, ignoring all attempts by the client to authenticate. The
switch cannot provide authentication services to the client through the port.
Release
Modification
12.2(53)SE2
This command was introduced.