Cisco NM-HD-1V= User Guide - Page 176
dot1x port-control
UPC - 746320823355
View all Cisco NM-HD-1V= manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 176 highlights
dot1x port-control 16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series dot1x port-control To enable manual control of the authorization state of the port, use the dot1x port-control command in interface configuration mode. To return to the default setting, use the no form of this command. dot1x port-control {auto | force-authorized | force-unauthorized} no dot1x port-control Syntax Descriptionn auto force-authorized force-unauthorized Enables 802.1x on the interface and cause the port to change to the authorized or unauthorized state based on the 802.1x authentication exchange between the switch and the client. Disables 802.1x on the interface and cause the port to change to the authorized state without any authentication exchange required. The port transmits and receives normal traffic without 802.1x-based authentication of the client. Denies all access through this interface by forcing the port to change to the unauthorized state, ignoring all attempts by the client to authenticate. The switch cannot provide authentication services to the client through the interface. Defaults The authorization state is force-authorized. Command Modes Interface configuration Command History Release 12.1(6)EA2 12.2(15)ZJ Modification This command was introduced. This command was implemented on the following platforms: Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series routers. Usage Guidelines The 802.1x protocol is supported on Layer 2 static-access ports. You can use the auto keyword only if the port is not configured as one of these types: • Trunk port-If you try to enable 802.1x on a trunk port, an error message appears, and 802.1x is not enabled. If you try to change the mode of an 802.1x-enabled port to trunk, the port mode is not changed. • EtherChannel port-Before enabling 802.1x on the port, you must first remove it from the EtherChannel. If you try to enable 802.1x on an EtherChannel or on an active port in an EtherChannel, an error appears, and 802.1x is not enabled. If you enable 802.1x on a not-yet active port of an EtherChannel, the port does not join the EtherChannel. • Switch Port Analyzer (SPAN) destination port-You can enable 802.1x on a port that is a SPAN destination port; however, 802.1x is disabled until the port is removed as a SPAN destination. You can enable 802.1x on a SPAN source port. To globally disable 802.1x on the switch, you must disable it on each port. There is no global configuration command for this task. 176 Cisco IOS Release 12.2(2)XT, 12.2(8)T, and 12.2(15)ZJ