Dot1X Violation-Mode - Cisco 300 Series Cli Manual

22
338

22.18 dot1x violation-mode

Use the dot1x violation-mode Interface Configuration (Ethernet) mode command to
configure the action to be taken, when a station whose MAC address is not the
supplicant MAC address, attempts to access the interface. Use the no form of this
command to return to default.
Syntax
dot1x violation-mode
no dot1x violation-mode
Parameters
•
restrict—Generates a trap when a station whose MAC address is not the
supplicant MAC address, attempts to access the interface. The minimum
time between the traps is 1 second. Those frames are forwarded but their
source address are not learned.
•
protect—Discard frames with source addresses not the supplicant
address.
•
shutdown—Discard frames with source addresses not the supplicant
address and shutdown the port
•
seconds
trap
between consecutive traps. If seconds = 0 traps are disabled. If the
parameter is not specified it defaults to 1 second for the restrict mode and
0 for the other modes.
Default Configuration
Protect
Command Mode
Interface Configuration (Ethernet) mode
User Guidelines
The command is relevant only for single-host mode.
BPDU message whose MAC address is not the supplicant MAC address wouldn't
be discarded in the protect mode.
BPDU message whose MAC address is not the supplicant MAC address would
cause a shutdown in the shutdown mode.
{restrict | protect | shutdown}
- Send SNMP traps, and specifies the minimum time
[traps seconds
78-21075-01 Command Line Interface Reference Guide
802. 1 X Commands
]