Setting the port authorization state
The port authorization state determines whether the client is granted access to the network. You can
control the authorization state of a port by using the dot1x port-control command and the following
keywords:
authorized-force—Places the port in the authorized state, enabling users on the port to access the
•
network without authentication.
•
unauthorized-force—Places the port in the unauthorized state, denying any access requests from
users on the port.
auto—Places the port initially in the unauthorized state to allow only EAPOL packets to pass. After
•
a user passes authentication, sets the port in the authorized state to allow access to the network. You
can use this option in most scenarios.
To set the authorization state of a port:
Step
1.
Enter system view.
2.
Enter Ethernet interface
view.
3.
Set the port authorization
state.
Specifying an access control method
Step
1.
Enter system view.
2.
Enter Ethernet interface view.
3.
Specify an access control
method.
Setting the maximum number of concurrent 802.1X
users on a port
Perform this task to prevent the system resources from being overused.
To set the maximum number of concurrent 802.1X users on a port:
Step
1.
Enter system view.
Enter Ethernet interface view.
2.
Command
system-view
interface interface-type
interface-number
dot1x port-control { authorized-force |
auto | unauthorized-force }
Command
system-view
interface interface-type
interface-number
dot1x port-method { macbased |
portbased }
Command
system-view
interface interface-type
interface-number
67
Remarks
N/A
N/A
By default, auto applies.
Remarks
N/A
N/A
By default, MAC-based access
control applies.
Remarks
N/A
N/A