Enterasys Matrix DFE-Gold Series Configuration Manual page 846

Configuring 802.1X Authentication
Parameters
authcontrolled‐
portcontrol auto |
forced‐auth | forced‐
unauth
keytxenabled false |
true
maxreq value
quietperiod value
reauthenabled false |
true
reauthperiod value
servertimeout timeout
supptimeout timeout
txperiod value
port‐string
Defaults
If port‐string is not specified, authentication parameters will be set on all ports
Mode
Switch command, Read‐Write.
Examples
This example shows how to set EAPOL port control to forced authorized mode on ports fe.1.1‐5,
which disables authentication on these ports:
Matrix(rw)->set dot1x auth-config authcontrolled-portcontrol forced-auth fe.1.1-5
25-8 Authentication Configuration
Specifies the EAPOL port control mode as:
• auto ‐ Auto authorization mode (default). The Enterasys Matrix
system will only forward frames received on a port which are
considered authenticated according to the state of the
corresponding access entity.
• forced‐auth ‐ Forced authorized mode, which effectively disables
802.1X authentication on the port, and allows all frames received on
the port to be forwarded.
• forced‐unauth ‐ Forced unauthorized mode, which effectively
disables 802.1X authentication on the port. When 802.1X is the only
active authentication agent on a given port, this setting means all
frames received will be dropped.
Enables (true) or disables (false) 802.1X key transmission by the
authenticator PAE state machine.
Specifies the maximum number of authentication requests allowed by
the backend authentication state machine. Valid values are 1 ‐ 10.
Specifies the time (in seconds) following a failed authentication before
another attempt can be made by the authenticator PAE state machine.
Valid values are 0 ‐ 65535.
Enables (true) or disables (false) reauthentication control of the
reauthentication timer state machine.
Specifies the time lapse (in seconds) between attempts by the
reauthentication timer state machine to reauthenticate a port. Valid
values are 0 ‐ 65535.
Specifies a timeout period (in seconds) for the authentication server,
used by the backend authentication state machine. Valid values are 1 ‐
300.
Specifies a timeout period (in seconds) for the authentication supplicant
used by the backend authentication state machine. Valid values are 1 ‐
300.
Specifies the period (in seconds) which passes between authenticator
PAE state machine EAP transmissions. Valid values are 1 ‐ 65535.
(Optional) Limits the configuration of desired settings to specified
port(s). For a detailed description of possible port‐string values, refer to
"Port String Syntax Used in the CLI" on page 4‐2.
set dot1x auth-config