CISCO WS-2980G 的cat-ios 的 dot1x 认证的配置模板
发布网友
发布时间:2022-04-22 11:17
共1个回答
热心网友
时间:2022-06-14 17:00
set port dot1xUse the set port dot1x commands to configure dot1x on a port. set port dot1x mod/port multiple-host {enable | disable}set port dot1x mod/port {port-control port_control_value}set port dot1x mod/port {initialize | re-authenticate}set port dot1x mod/port re-authentication {enable | disable}Syntax Description
mod/portVariable that specifies the number of the mole and port on the mole. multiple-hostKeyword that specifies multiple-user access; see the "Usage Guidelines" section for more information. enableKeyword that enables multiple-user access. disableKeyword that disables multiple-user access. port-control port_control_valueKeyword and variable that specifies the port control type; valid values are force-authorized, force-unauthorized, and auto. initializeKeyword that initializes dot1x on the port. re-authenticateKeyword that manually initiates a reauthentication of the entity connected to the port. re-authenticationKeyword that automatically initiates reauthentication of the entity connected to the port within the reauthentication time period; see the "Usage Guidelines" section for more information. enableKeyword that enables automatic reauthentication. disableKeyword that disables automatic reauthentication.
DefaultsThe default settings are as follows:�6�1The default port_control_value is force-authorized.�6�1The multiple host feature is disabled.�6�1The reauthentication feature is disabled.Command TypesSwitch command.Command ModesPrivileged.Usage GuidelinesThe dot1x port will not be allowed to become a trunk port, MVAP, channel port, dynamic port, or a secure port.When setting the port control type, the following applies:�6�1force-authorized forces the controlled port to transition to the authorized state unconditionally and is equivalent to disabling 802.1x restriction in the port.�6�1force-unauthorized forces the controlled port to transit to the unauthorized state unconditionally and prevents the authorized services of the authenticator to the supplicant.�6�1auto enables 802.1x control on the port.If you disable the multiple host feature, once a dot1x port is authorized through a successful authentication of a supplicant, only that particular host (MAC address) is allowed on that port. When the system detects another host (different MAC address) on the authorized port, it shuts down the port and displays a syslog message. This is the default system behavior.If you enable the multiple host feature, once a dot1x port is authorized through a successful authentication of a supplicant, any host (any MAC address) is allowed to send or receive traffic on that port.If you enable reauthentication, you can set the reauthentication time period in seconds by entering the set dot1x re-authperiod seconds command. The default for the reauthentication time period is 3600 seconds.ExamplesThis example shows how to set the port control type automatically:Console> (enable) set port dot1x 4/1 port-control auto
Port 4/1 dot1x port-control is set to auto.
Console> (enable)
This example shows how to initialize dot1x on a port:Console> (enable) set port dot1x 4/1 initialize
dot1x port 4/1 initializing...
dot1x initialized on port 4/1.
Console> (enable)
This example shows how to manually reauthenticate a port:Console> (enable) set port dot1x 4/1 re-authenticate
dot1x port 4/1 re-authenticating...
dot1x re-authentication successful...
dot1x port 4/1 authorized.
Console> (enable)
This example shows how to enable multiple-user access on a specific port:Console> (enable) set port dot1x 4/1 multiple-host enable
Multiple hosts allowed on port 4/1.
Console> (enable)
This example shows how to enable automatic reauthentication on a port:Console> (enable) set port dot1x 4/1 re-authentication enable
Port 4/1 re-authentication enabled.
Console> (enable)
