HP 6125G HP 6125G & 6125G/XG Blade Switches Security Command Reference - Page 114

dot1x port-control

Page 114 highlights

[Sysname-GigabitEthernet1/0/1] dot1x multicast-trigger dot1x port-control Syntax In system view: dot1x port-control { authorized-force | auto | unauthorized-force } [ interface interface-list ] undo dot1x port-control [ interface interface-list ] In Ethernet interface view: dot1x port-control { authorized-force | auto | unauthorized-force } View undo dot1x port-control System view, Ethernet interface view Default level 2: System level Parameters authorized-force: Places the specified or all ports in the authorized state, enabling users on the ports to access the network without authentication. auto: Places the specified or all ports initially in the unauthorized state to allow only EAPOL packets to pass, and after a user passes authentication, sets the port in the authorized state to allow access to the network. You can use this option in most scenarios. unauthorized-force: Places the specified or all ports in the unauthorized state, denying any access requests from users on the ports. interface interface-list: Specifies an Ethernet port list, which can contain multiple Ethernet ports. The interface-list argument is in the format of interface-list = { interface-type interface-number [ to interface-type interface-number ] } & , where interface-type represents the port type, interface-number represents the port number, and & means that you can provide up to 10 ports or port ranges. The start port number must be smaller than the end number and the two ports must be of the same type. Description Use dot1x port-control to set the authorization state for the specified or all ports. Use undo dot1x port-control to restore the default. The default port authorization state is auto. In system view, if no interface-list argument is specified, the command applies to all ports. Related commands: display dot1x. Examples # Set the authorization state of port GigabitEthernet 1/0/1 to unauthorized-force. system-view [Sysname] dot1x port-control unauthorized-force interface gigabitethernet 1/0/1 Or system-view 105

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284
  • 285
  • 286
  • 287
  • 288
  • 289
  • 290
  • 291

105
[Sysname-GigabitEthernet1/0/1] dot1x multicast-trigger
dot1x port-control
Syntax
In system view:
dot1x
port-control
{
authorized-force
|
auto
|
unauthorized-force
}
[
interface
interface-list
]
undo dot1x
port-control
[
interface
interface-list
]
In Ethernet interface view:
dot1x
port-control
{
authorized-force
|
auto
|
unauthorized-force
}
undo dot1x
port-control
View
System view, Ethernet interface view
Default level
2: System level
Parameters
authorized-force
: Places the specified or all ports in the authorized state, enabling users on the ports to
access the network without authentication.
auto
: Places the specified or all ports initially in the unauthorized state to allow only EAPOL packets to
pass, and after a user passes authentication, sets the port in the authorized state to allow access to the
network. You can use this option in most scenarios.
unauthorized-force
: Places the specified or all ports in the unauthorized state, denying any access
requests from users on the ports.
interface
interface-list
: Specifies an Ethernet port list, which can contain multiple Ethernet ports. The
interface-list
argument is in the format of
interface-list
= {
interface-type
interface-number
[
to
interface-type
interface-number
] } & <1-10>, where
interface-type
represents the port type,
interface-number
represents the port number, and & <1-10> means that you can provide up to 10 ports
or port ranges. The start port number must be smaller than the end number and the two ports must be of
the same type.
Description
Use
dot1x
port-control
to set the authorization state for the specified or all ports.
Use
undo dot1x
port-control
to restore the default.
The default port authorization state is
auto
.
In system view, if no
interface-list
argument is specified, the command applies to all ports.
Related commands:
display dot1x
.
Examples
# Set the authorization state of port GigabitEthernet 1/0/1 to
unauthorized-force
.
<Sysname> system-view
[Sysname] dot1x port-control unauthorized-force interface gigabitethernet 1/0/1
Or
<Sysname> system-view