Setting the port authorization state
The port authorization state determines whether the client is granted access to the network or not. You
can control the authorization state of a port by using the dot1x port-control command and the following
keywords:
•
authorized-force—Places the port in the authorized state, enabling users on the port to access the
network without authentication.
unauthorized-force—Places the port in the unauthorized state, denying any access requests from
•
users on the port.
•
auto—Places the port initially in unauthorized state to allow only EAPOL packets to pass. After a
user passes authentication, sets the port in the authorized state to allow access to the network. You
can use this option in most scenarios.
To set the authorization state of a port:
Step
1.
Enter system view.
2.
Enter Layer 2 Ethernet
interface view.
3.
Set the port authorization
state.
Specifying an access control method
Step
1.
Enter system view.
2.
Enter Layer 2 Ethernet
interface view.
3.
Specify an access control
method.
Setting the maximum number of concurrent 802.1X
users on a port
Perform this task to prevent the system resources from being overused.
To set the maximum number of concurrent 802.1X users on a port:
Step
1.
Enter system view.
2.
Enter Layer 2 Ethernet
interface view.
Command
system-view
interface interface-type
interface-number
dot1x port-control { authorized-force |
auto | unauthorized-force }
Command
system-view
interface interface-type
interface-number
dot1x port-method { macbased |
portbased }
Command
system-view
interface interface-type
interface-number
81
Remarks
N/A
N/A
By default, the auto state applies.
Remarks
N/A
N/A
By default, MAC-based access
control applies.
Remarks
N/A
N/A