Dot1X Port-Control - Cisco ME 3400 Command Reference Manual
Ethernet access switch
Hide thumbs
Also See for ME 3400:
- Software configuration manual (1138 pages) ,
- Command reference manual (872 pages) ,
- Hardware installation manual (88 pages)
Table of Contents
Advertisement
Chapter 2
Cisco ME 3400 Ethernet Access Switch Cisco IOS Commands
dot1x port-control
Use the dot1x port-control interface configuration command to enable manual control of the
authorization state of the port. Use the no form of this command to return to the default setting.
Syntax Description
auto
force-authorized
force-unauthorized Deny all access through this port by forcing the port to change to the
Defaults
The default is force-authorized.
Command Modes
Interface configuration
Command History
Release
12.2(25)EX
Usage Guidelines
You must globally enable IEEE 802.1x on the switch by using the dot1x system-auth-control global
configuration command before enabling IEEE 802.1x on a specific port.
The IEEE 802.1x protocol is supported on Layer 2 static-access ports and Layer 3 routed ports.
You can use the auto keyword only if the port is not configured as one of these:
•
•
•
OL-9640-10
dot1x port-control {auto | force-authorized | force-unauthorized}
no dot1x port-control
Enable IEEE 802.1x authentication on the port and cause the port to change to
the authorized or unauthorized state based on the IEEE 802.1x authentication
exchange between the switch and the client.
Disable IEEE 802.1x authentication on the port and cause the port to change to
the authorized state without an authentication exchange. The port sends and
receives normal traffic without IEEE 802.1x-based authentication of the client.
unauthorized state, ignoring all attempts by the client to authenticate. The
switch cannot provide authentication services to the client through the port.
Modification
This command was introduced.
Trunk port—If you try to enable IEEE 802.1x on a trunk port, an error message appears, and
IEEE 802.1x is not enabled. If you try to change the mode of an IEEE 802.1x-enabled port to trunk,
an error message appears, and the port mode is not changed.
Dynamic-access ports—If you try to enable IEEE 802.1x on a dynamic-access (VLAN Query
Protocol [VQP]) port, an error message appears, and IEEE 802.1x is not enabled. If you try to
change an IEEE 802.1x-enabled port to dynamic VLAN assignment, an error message appears, and
the VLAN configuration is not changed.
EtherChannel port—Do not configure a port that is an active or a not-yet-active member of an
EtherChannel as an IEEE 802.1x port. If you try to enable IEEE 802.1x on an EtherChannel port,
an error message appears, and IEEE 802.1x is not enabled.
Cisco ME 3400 Ethernet Access Switch Command Reference
dot1x port-control
2-93
Advertisement
Table of Contents
