OS10 Enterprise Edition User Guide Release 10.4.1.0

PDF

Port control mode

802.1X requires a port to be in one of three states — force-authorized, force-unauthorized, or auto.

force-authorized (default)
This is an authorized state. A device connected to this port does not use the authentication process but can communicate on the network. Placing the port in this state is same as disabling 802.1X on the port. force-authorized is the default mode.
force-unauthorized
This is an unauthorized state. A device connected to a port does not use the authentication process but is not allowed to communicate on the network. Placing the port in this state is the same as shutting down the port. Any attempt by the supplicant to initiate authentication is ignored.
auto
This is an unauthorized state by default. A device connected to this port is subject to the authentication process. If the process is successful, the port is authorized and the connected device communicates on the network.
  • Place a port in the Auto, Force-authorized (default), or Force-unauthorized state in INTERFACE mode.
    dot1x port-control {auto | force-authorized | force-unauthorized}

Configure and verify force-authorized state

OS10(conf-range-eth1/1/7-1/1/8)# dot1x port-control force-authorized
                                 OS10(conf-range-eth1/1/7-1/1/8)# do show dot1x interface ethernet 1/1/7
                                 
                                 802.1x information on ethernet1/1/7
                                 -------------------------------------
                                 Dot1x Status:             Enable
                                 Port Control:             AUTHORIZED
                                 Port Auth Status:         UNAUTHORIZED
                                 Re-Authentication:        Enable
                                 Tx Period:                120 seconds
                                 Quiet Period:             120 seconds
                                 Supplicant Timeout:       30 seconds
                                 Server Timeout:           30 seconds
                                 Re-Auth Interval:         3600 seconds
                                 Max-EAP-Req:              5
                                 Host Mode:                MULTI_HOST
                                 Auth PAE State:           Initialize
                                 Backend State:            Initialize
                              

View interface running configuration

OS10(conf-range-eth1/1/7-1/1/8)# do show running-configuration interface
                                 ...
                                 !
                                 interface ethernet1/1/7
                                 no shutdown
                                 dot1x max-req 5
                                 dot1x re-authentication
                                 dot1x timeout quiet-period 120
                                 dot1x timeout tx-period 120
                                 !
                                 interface ethernet1/1/8
                                 no shutdown
                                 dot1x max-req 5
                                 dot1x re-authentication
                                 dot1x timeout quiet-period 120
                                 dot1x timeout tx-period 120
                                 ...
                              

Rate this content

Accurate
Useful
Easy to understand
Was this article helpful?
0/3000 characters
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please select whether the article was helpful or not.
  Comments cannot contain these special characters: <>()\