[802.1x Configuration Menu]
global
port
ena
dis
cur
This feature allows you to configure the GbE2c as an IEEE 802.1x Authenticator, to provide port-based network
access control. The following table describes the 802.1x Configuration Menu options.
Table 103
802.1x Configuration Menu options
Command
global
port <port number>
ena
dis
cur
802.1x Global configuration
Command: /cfg/l2/8021x/global
[802.1x Global Configuration Menu]
mode
qtperiod - Set EAP-Request/Identity quiet time interval
txperiod - Set EAP-Request/Identity retransmission timeout
suptmout - Set EAP-Request retransmission timeout
svrtmout - Set server authentication request timeout
maxreq
raperiod - Set reauthentication time interval
reauth
default
cur
The global 802.1x menu allows you to configure parameters that affect all ports in the switch. The following table
describes the 802.1x Global Configuration Menu options.
Table 104
802.1x Global Configuration Menu options
Command
mode force-
unauth|auto|force-auth
qtperiod <0-65535>
txperiod <1-65535>
suptmout <1-65535>
svrtmout <1-65535>
- Global 802.1x configuration menu
- Port 802.1x configuration menu
- Enable 802.1x access control
- Disable 802.1x access control
- Show 802.1x configuration
Description
Displays the global 802.1x Configuration Menu.
Displays the 802.1x Port Menu.
Globally enables 802.1x.
Globally disables 802.1x.
Displays current 802.1x parameters.
- Set access control mode
- Set max number of EAP-Request retransmissions
- Set reauthentication status to on or off
- Restore default 802.1x configuration
- Display current 802.1x configuration
Description
Sets the type of access control for all ports:
force-unauth
- the port is unauthorized until it is successfully authorized by the
auto
RADIUS server.
force-auth
The default value is
Sets the time, in seconds, the authenticator waits before transmitting an EAP-
Request/ Identity frame to the supplicant (client) after an authentication failure
in the previous round of authentication. The default value is 60 seconds.
Sets the time, in seconds, the authenticator waits for an EAP-Response/Identity
frame from the supplicant (client) before retransmitting an EAP-Request/Identity
frame. The default value is 30 seconds.
Sets the time, in seconds, the authenticator waits for an EAP-Response packet
from the supplicant (client) before retransmitting the EAP-Request packet to the
authentication server. The default value is 30 seconds.
Sets the time, in seconds, the authenticator waits for a response from the Radius
server before declaring an authentication timeout. The default value is 30
seconds.
The time interval between transmissions of the RADIUS Access-Request packet
containing the supplicant's (client's) EAP-Response packet is determined by the
current setting of
- the port is unauthorized unconditionally.
- the port is authorized unconditionally, allowing all traffic.
.
force-auth
/cfg/sys/radius/timeout
(default is 3 seconds).
Configuration Menu 110