•
unauthorized-force—Places the port in the unauthorized state, denying any access requests
from users on the port.
•
auto—Places the port initially in unauthorized state to allow only EAPOL packets to pass. After
a user passes authentication, sets the port in the authorized state to allow access to the
network. You can use this option in most scenarios.
To set the authorization state of a port:
Step
1.
Enter system view.
2.
Enter Layer 2 Ethernet
interface view.
3.
Set the port authorization
state.
Specifying an access control method
You can specify port-based or MAC-based access control method for 802.1X authentication. The
MAC-based access control method is supported only on the following ports:
•
Layer 2 Ethernet ports on the following modules:
HMIM-8GSW.
HMIM-24GSW.
HMIM-24GSWP.
SIC-4GSW.
SIC-4GSWP.
•
Fixed Layer 2 Ethernet ports on the following routers:
MSR954(JH296A/JH297A/JH299A).
MSR1002-4/1003-8S.
MSR2004-24/2004-48.
To specify an access control method:
Step
1.
Enter system view.
2.
Enter Layer 2 Ethernet
interface view.
3.
Specify an access control
method.
Command
system-view
interface interface-type
interface-number
dot1x port-control
{ authorized-force | auto |
unauthorized-force }
Command
system-view
interface interface-type
interface-number
dot1x port-method { macbased
| portbased }
97
Remarks
N/A
N/A
By default, the auto state
applies.
Remarks
N/A
N/A
By default, MAC-based access
control applies.
To use both 802.1X and portal
authentication on a port, you must
specify MAC-based access
control. For information about
portal authentication, see
"Configuring portal
authentication."