HP 6125XLG R2306-HP 6125XLG Blade Switch Security Configuration Guide - Page 79

NOTE: If EAP relay mode is used, the user-name-format command configured in RADIUS scheme view does not take effect. The access device sends the authentication data from the client to the server without any modification. Setting the port authorization state The port authorization state determines whether the client is granted access to the network. You can control the authorization state of a port by using the dot1x port-control command and the following keywords: • authorized-force-Places the port in the authorized state, enabling users on the port to access the network without authentication. • unauthorized-force-Places the port in the unauthorized state, denying any access requests from users on the port. • auto-Places the port initially in the unauthorized state to allow only EAPOL packets to pass. After a user passes authentication, sets the port in the authorized state to allow access to the network. You can use this option in most scenarios. To set the authorization state of a port: Step 1. Enter system view. 2. Enter Ethernet interface view. 3. Set the port authorization state. Command Remarks system-view N/A interface interface-type interface-number N/A dot1x port-control { authorized-force | auto | unauthorized-force } By default, auto applies. Specifying an access control method Step 1. Enter system view. 2. Enter Ethernet interface view. 3. Specify an access control method. Command system-view interface interface-type interface-number dot1x port-method { macbased | portbased } Remarks N/A N/A By default, MAC-based access control applies. Setting the maximum number of concurrent 802.1X users on a port Perform this task to prevent the system resources from being overused. To set the maximum number of concurrent 802.1X users on a port: 70