D-Link DGS-6600-48TS Configuration Guide - Page 440

Volume 8-Security & Authentication / Chapter 40-802.1X Authentication 802.1X Configuration Commands Specifying the Port Authorization State The user can manually configure a port to be in an 802.1X authorized or unauthorized state by entering the following command in interface configuration mode: Command dot1x port-control {auto | forceauthorized | force-unauthorized} Explanation Manually configures the authorization state on the specified port. In the following example, the user forces Ethernet interface 4.40 to change to the unauthorized state, which denies all access to the port by ignoring all authentication attempts: DGS-6600:2>enable DGS-6600:15#configure terminal DGS-6600:15(config)#interface eth4.40 DGS-6600:15(config-if)#dot1x port-control force-unauthorized DGS-6600:15(config-if)#end Configuring Port Periodical Re-Authentication The re-authentication function can be controlled on a per-port basis. Enter the following command in interface configuration mode to enable the periodic reauthentication function on an interface: Command dot1x re-authentication Explanation Enables periodic re-authentication on the specified interface. In the following example, the user enables periodic re-authentication on Ethernet interface 4.43: DGS-6600:2>enable DGS-6600:15#configure terminal DGS-6600:15(config)#interface eth4.43 DGS-6600:15(config-if)#dot1x re-authentication DGS-6600:15(config-if)#end Configuring Port Guest VLANs In order to increase security, the Switch can be configured so that any users attempting to authenticate and gain permission to access the Switch will be placed into a guest VLAN, before have been successfully authenticated. When a guest VLAN is assigned to a port, the user on this port is only allowed to access the guest VLAN. After successful authentication, the user will be allowed to access the original access VLAN or a new VLAN that was assigned by the RADIUS server during authentication. DGS-6600 Configuration Guide 440