Home » TP-Link Manuals » Hubs & Switches » TP-Link 10GE » Manual Viewer

TP-Link 10GE T1700G-28TQUN V1 CLI Reference Guide - Page 119

IEEE 802.1X Commands

Add to My Manuals
Save this manual to your list of manuals

Page 119 highlights

Chapter 16 IEEE 802.1X Commands IEEE 802.1X function is to provide an access control for LAN ports via the authentication. An 802.1X system include three entities: supplicant, authenticator and authentication server.  Supplicant: the device that requests access to the LAN.  Authentication server: performs the actual authentication of the supplicant. It validates the identity of the supplicant and notifies the authenticator whether or not the supplicant is authorized to access the LAN.  Authenticator: controls the physical access to the network based on the authentication status of the supplicant. It is usually an 802.1X-supported network device, such as this TP-LINK switch. It acts as an intermediary (proxy) between the supplicant and the authentication server, requesting identity information from the supplicant, verifying that information with the authentication server, and relaying a response to the supplicant. This chapter handles with the authentication process between the supplicant and the switch. To realize the authentication and accounting function, you should also enbable the AAA function and configure the RADIUS server. Go to Chapter 34 AAA Commands for more details. 16.1 dot1x system-auth-control Description The dot1x system-auth-control command is used to enable the IEEE 802.1X function globally. To disable the IEEE 802.1X function, please use no dot1x system-auth-control command. Syntax dot1x system-auth-control no dot1x system-auth-control Command Mode Global Configuration Mode Privilege Requirement Only Admin, Operator and Power User level users have access to these commands. Example Enable the IEEE 802.1X function: T1700G-28TQ(config)#dot1x system-auth-control 103

Section	Page
Preface	17
Chapter 1 Using the CLI	20
1.1 Accessing the CLI	20
1.1.1 Logon by Telnet	20
1.1.2 Logon by SSH	21
1.2 CLI Command Modes	26
1.3 Privilege Restrictions	29
1.4 Conventions	30
1.4.1 Format Conventions	30
1.4.2 Special Characters	30
1.4.3 Parameter Format	30
Chapter 2 User Interface	31
2.1 enable	31
2.2 service password-encryption	31
2.3 enable password	32
2.4 enable secret	33
2.5 configure	34
2.6 exit	34
2.7 end	35
2.8 show history	35
2.9 clear history	36
Chapter 3 Stack	37
3.1 switch priority	37
3.2 switch renumber	37
3.3 switch stack-port	38
3.4 switch provision	39
3.5 show switch	40
Chapter 4 IEEE 802.1Q VLAN Commands	41
4.1 vlan	41
4.2 interface vlan	41
4.3 name	42
4.4 switchport general allowed vlan	43
4.5 switchport pvid	43
4.6 show vlan summary	44
4.7 show vlan brief	44
4.8 show vlan	45
4.9 show interface switchport	45
Chapter 5 MAC-based VLAN Commands	47
5.1 mac-vlan mac-address	47
5.2 mac-vlan	48
5.3 show mac-vlan	48
5.4 show mac-vlan interface	49
Chapter 6 Protocol VLAN Commands	50
6.1 protocol-vlan template	50
6.2 protocol-vlan vlan	51
6.3 protocol-vlan group	52
6.4 show protocol-vlan template	52
6.5 show protocol-vlan vlan	53
Chapter 7 Voice VLAN Commands	54
7.1 voice vlan	54
7.2 voice vlan aging	54
7.3 voice vlan priority	55
7.4 voice vlan mac-address	56
7.5 switchport voice vlan mode	57
7.6 switchport voice vlan security	57
7.7 show voice vlan	58
7.8 show voice vlan oui	59
7.9 show voice vlan switchport	59
Chapter 8 Etherchannel Commands	61
8.1 channel-group	61
8.2 port-channel load-balance	62
8.3 lacp system-priority	63
8.4 lacp port-priority	63
8.5 show etherchannel	64
8.6 show etherchannel load-balance	65
8.7 show lacp	65
8.8 show lacp sys-id	66
Chapter 9 User Management Commands	67
9.1 user name (password)	67
9.2 user name (secret)	68
9.3 user access-control ip-based	69
9.4 user access-control mac-based	70
9.5 user access-control port-based	71
9.6 telnet	72
9.7 show user account-list	72
9.8 show user configuration	73
9.9 show telnet-status	73
Chapter 10 HTTP and HTTPS Commands	75
10.1 ip http server	75
10.2 ip http max-users	76
10.3 ip http session timeout	76
10.4 ip http secure-server	77
10.5 ip http secure-protocol	78
10.6 ip http secure-ciphersuite	78
10.7 ip http secure-max-users	79
10.8 ip http secure-session timeout	80
10.9 ip http secure-server download certificate	81
10.10 ip http secure-server download key	82
10.11 show ip http configuration	83
10.12 show ip http secure-server	83
Chapter 11 Binding Table Commands	84
11.1 ip source binding	84
11.2 ip dhcp snooping	85
11.3 ip dhcp snooping vlan	86
11.4 ip dhcp snooping information option	87
11.5 ip dhcp snooping information strategy	87
11.6 ip dhcp snooping information remote-id	88
11.7 ip dhcp snooping information circuit-id	89
11.8 ip dhcp snooping trust	90
11.9 ip dhcp snooping mac-verify	90
11.10 ip dhcp snooping limit rate	91
11.11 ip dhcp snooping decline rate	92
11.12 show ip source binding	93
11.13 show ip dhcp snooping	93
11.14 show ip dhcp snooping interface	94
11.15 show ip dhcp snooping information interface	94
Chapter 12 ARP Inspection Commands	96
12.1 ip arp inspection(global)	96
12.2 ip arp inspection trust	96
12.3 ip arp inspection(interface)	97
12.4 ip arp inspection limit-rate	98
12.5 ip arp inspection recover	99
12.6 show ip arp inspection	99
12.7 show ip arp inspection interface	100
12.8 show ip arp inspection statistics	100
12.9 clear ip arp inspection statistics	101
Chapter 13 DoS Defend Commands	102
13.1 ip dos-prevent	102
13.2 ip dos-prevent type	102
13.3 show ip dos-prevent	103
Chapter 14 System Log Commands	105
14.1 logging buffer	105
14.2 logging buffer level	105
14.3 logging file flash	106
14.4 logging file flash frequency	107
14.5 logging file flash level	108
14.6 logging host index	108
14.7 logging monitor	109
14.8 logging monitor level	110
14.9 clear logging	110
14.10 show logging local-config	111
14.11 show logging loghost	111
14.12 show logging buffer	112
14.13 show logging flash	113
Chapter 15 SSH Commands	114
15.1 ip ssh server	114
15.2 ip ssh version	114
15.3 ip ssh algorithm	115
15.4 ip ssh timeout	116
15.5 ip ssh max-client	116
15.6 ip ssh download	117
15.7 remove public-key	118
15.8 show ip ssh	118
Chapter 16 IEEE 802.1X Commands	119
16.1 dot1x system-auth-control	119
16.2 dot1x handshake	120
16.3 dot1x auth-method	120
16.4 dot1x guest-vlan(global)	121
16.5 dot1x quiet-period	122
16.6 dot1x timeout supplicant-timeout	123
16.7 dot1x max-reauth-req	123
16.8 dot1x	124
16.9 dot1x guest-vlan(interface)	125
16.10 dot1x port-control	125
16.11 dot1x port-method	126
16.12 show dot1x global	127
16.13 show dot1x interface	128
Chapter 17 MAC Address Commands	129
17.1 mac address-table static	129
17.2 mac address-table aging-time	130
17.3 mac address-table filtering	130
17.4 mac address-table max-mac-count	131
17.5 show mac address-table	132
17.6 show mac address-table aging-time	133
17.7 show mac address-table max-mac-count	133
17.8 show mac address-table interface	134
17.9 show mac address-table count	135
17.10 show mac address-table address	135
17.11 show mac address-table vlan	136
Chapter 18 System Configuration Commands	137
18.1 system-time manual	137
18.2 system-time ntp	137
18.3 system-time dst predefined	139
18.4 system-time dst date	140
18.5 system-time dst recurring	141
18.6 hostname	142
18.7 location	143
18.8 contact-info	143
18.9 ip address	144
18.10 ip address-alloc	145
18.11 reset	146
18.12 reboot	146
18.13 copy running-config startup-config	147
18.14 copy startup-config tftp	147
18.15 copy tftp startup-config	148
18.16 boot application	149
18.17 remove backup-image	149
18.18 firmware upgrade	150
18.19 ping	151
18.20 tracert	152
18.21 show system-info	153
18.22 show image-info	153
18.23 show boot	154
18.24 show running-config	154
18.25 show startup-config	155
18.26 show system-time	155
18.27 show system-time dst	156
18.28 show system-time ntp	156
18.29 show cable-diagnostics interface	157
18.30 show cpu-utilization	157
18.31 show memory-utilization	158
Chapter 19 IPv6 Address Configuration Commands	159
19.1 ipv6 enable	159
19.2 ipv6 address autoconfig	159
19.3 ipv6 address link-local	160
19.4 ipv6 address dhcp	161
19.5 ipv6 address ra	161
19.6 ipv6 address eui-64	162
19.7 ipv6 address	163
19.8 show ipv6 interface	163
Chapter 20 Ethernet Configuration Commands	164
20.1 interface gigabitEthernet	164
20.2 interface range gigabitEthernet	164
20.3 interface ten-gigabitEthernet	165
20.4 interface range ten-gigabitEthernet	166
20.5 description	167
20.6 shutdown	167
20.7 flow-control	168
20.8 duplex	168
20.9 jumbo	169
20.10 speed	170
20.11 storm-control pps	170
20.12 storm-control	171
20.13 bandwidth	172
20.14 clear counters	173
20.15 show interface status	174
20.16 show interface counters	174
20.17 show interface configuration	175
20.18 show storm-control	176
20.19 show bandwidth	176
Chapter 21 QoS Commands	178
21.1 qos	178
21.2 qos dscp	179
21.3 qos queue cos-map	179
21.4 qos queue dscp-map	180
21.5 qos queue mode	181
21.6 qos queue weight	182
21.7 show qos interface	184
21.8 show qos cos-map	184
21.9 show qos dscp-map	185
21.10 show qos queue mode	185
21.11 show qos status	186
Chapter 22 Port Mirror Commands	187
22.1 monitor session destination interface	187
22.2 monitor session source interface	188
22.3 show monitor session	189
Chapter 23 Port Isolation Commands	190
23.1 port isolation	190
23.2 show port isolation interface	191
Chapter 24 Loopback Detection Commands	192
24.1 loopback-detection(global)	192
24.2 loopback-detection interval	192
24.3 loopback-detection recovery-time	193
24.4 loopback-detection(interface)	194
24.5 loopback-detection config	194
24.6 loopback-detection recover	195
24.7 show loopback-detection global	196
24.8 show loopback-detection interface	196
Chapter 25 ACL Commands	198
25.1 time-range	198
25.2 absolute	198
25.3 periodic	199
25.4 holiday	200
25.5 holiday(global)	201
25.6 access-list create	201
25.7 mac access-list	202
25.8 access-list standard	202
25.9 access-list extended	204
25.10 access-list ipv6	205
25.11 rule	206
25.12 access-list policy name	207
25.13 access-list policy action	208
25.14 redirect interface	208
25.15 s-condition	209
25.16 s-mirror	210
25.17 qos-remark	210
25.18 access-list bind acl(interface)	211
25.19 access-list bind acl(vlan)	212
25.20 access-list bind(interface)	212
25.21 access-list bind(vlan)	213
25.22 show access-list	213
25.23 show access-list policy	214
25.24 show access-list bind	214
Chapter 26 MSTP Commands	216
26.1 debug spanning-tree	216
26.2 spanning-tree(global)	217
26.3 spanning-tree(interface)	217
26.4 spanning-tree common-config	218
26.5 spanning-tree mode	219
26.6 spanning-tree mst configuration	220
26.7 instance	221
26.8 name	221
26.9 revision	222
26.10 spanning-tree mst instance	223
26.11 spanning-tree mst	223
26.12 spanning-tree priority	224
26.13 spanning-tree tc-defend	225
26.14 spanning-tree timer	226
26.15 spanning-tree hold-count	227
26.16 spanning-tree max-hops	227
26.17 spanning-tree bpdufilter	228
26.18 spanning-tree bpduguard	229
26.19 spanning-tree guard loop	229
26.20 spanning-tree guard root	230
26.21 spanning-tree guard tc	231
26.22 spanning-tree mcheck	231
26.23 show spanning-tree active	232
26.24 show spanning-tree bridge	232
26.25 show spanning-tree interface	233
26.26 show spanning-tree interface-security	234
26.27 show spanning-tree mst	234
Chapter 27 IGMP Snooping Commands	236
27.1 ip igmp snooping(global)	236
27.2 ip igmp snooping(interface)	236
27.3 ip igmp snooping rtime	237
27.4 ip igmp snooping mtime	238
27.5 ip igmp snooping report-suppression	238
27.6 ip igmp snooping immediate-leave	239
27.7 ip igmp snooping drop-unknown	239
27.8 ip igmp snooping last-listener query-inteval	240
27.9 ip igmp snooping last-listener query-count	241
27.10 ip igmp snooping vlan-config	241
27.11 ip igmp snooping multi-vlan-config	243
27.12 ip igmp snooping querier vlan	244
27.13 ip igmp snooping querier vlan (general query)	244
27.14 ip igmp snooping max-groups	245
27.15 ip igmp profile	247
27.16 deny	247
27.17 permit	248
27.18 range	248
27.19 ip igmp filter	249
27.20 clear ip igmp snooping statistics	250
27.21 show ip igmp snooping	250
27.22 show ip igmp snooping interface	250
27.23 show ip igmp snooping vlan	251
27.24 show ip igmp snooping multi-vlan	252
27.25 show ip igmp snooping groups	252
27.26 show ip igmp snooping querier	254
27.27 show ip igmp profile	254
Chapter 28 MLD Snooping Commands	255
28.1 ipv6 mld snooping(global)	255
28.2 ipv6 mld snooping(interface)	255
28.3 ipv6 mld snooping rtime	256
28.4 ipv6 mld snooping mtime	256
28.5 ipv6 mld snooping report-suppression	257
28.6 ipv6 mld snooping immediate-leave	258
28.7 ipv6 mld snooping drop-unknown	258
28.8 ipv6 mld snooping last-listener query-inteval	259
28.9 ipv6 mld snooping last-listener query-count	259
28.10 ipv6 mld snooping vlan-config	260
28.11 ipv6 mld snooping multi-vlan-config	261
28.12 ipv6 mld snooping querier vlan	262
28.13 ipv6 mld snooping querier vlan (general query)	263
28.14 ipv6 mld snooping max-groups	264
28.15 ipv6 mld profile	265
28.16 deny	266
28.17 permit	266
28.18 range	267
28.19 ipv6 mld filter	267
28.20 clear ipv6 mld snooping statistics	268
28.21 show ipv6 mld snooping	268
28.22 show ipv6 mld snooping interface	269
28.23 show ipv6 mld snooping vlan	270
28.24 show ipv6 mld snooping multi-vlan	270
28.25 show ipv6 mld snooping groups	271
28.26 show ipv6 mld snooping querier	271
28.27 show ipv6 mld profile	272
Chapter 29 SNMP Commands	273
29.1 snmp-server	273
29.2 snmp-server view	273
29.3 snmp-server group	274
29.4 snmp-server user	276
29.5 snmp-server community	277
29.6 snmp-server host	278
29.7 snmp-server engineID	280
29.8 snmp-server traps snmp	280
29.9 snmp-server traps link-status	281
29.10 snmp-server traps	282
29.11 snmp-server traps mac	283
29.12 snmp-server traps vlan	284
29.13 rmon history	285
29.14 rmon event	286
29.15 rmon alarm	287
29.16 rmon statistics	288
29.17 show snmp-server	289
29.18 show snmp-server view	290
29.19 show snmp-server group	290
29.20 show snmp-server user	290
29.21 show snmp-server community	291
29.22 show snmp-server host	291
29.23 show snmp-server engineID	292
29.24 show rmon history	292
29.25 show rmon event	293
29.26 show rmon alarm	293
29.27 show rmon statistics	294
Chapter 30 LLDP Commands	295
30.1 lldp	295
30.2 lldp hold-multiplier	295
30.3 lldp timer	296
30.4 lldp receive	297
30.5 lldp transmit	298
30.6 lldp snmp-trap	298
30.7 lldp tlv-select	299
30.8 lldp med-fast-count	300
30.9 lldp med-status	300
30.10 lldp med-tlv-select	301
30.11 lldp med-location	302
30.12 show lldp	303
30.13 show lldp interface	303
30.14 show lldp local-information interface	304
30.15 show lldp neighbor-information interface	304
30.16 show lldp traffic interface	305
Chapter 31 ARP Commands	306
31.1 arp	306
31.2 clear arp-cache	307
31.3 arp timeout	307
31.4 show arp	308
31.5 show ip arp (interface)	308
31.6 show ip arp summary	309
Chapter 32 Static Routes Commands	310
32.1 interface vlan	310
32.2 interface loopback	310
32.3 switchport	311
32.4 interface range port-channel	311
32.5 interface port-channel	312
32.6 shutdown	313
32.7 ip route	313
32.8 description	314
32.9 ipv6 routing	315
32.10 ipv6 route	315
32.11 show interface vlan	316
32.12 show ip interface	316
32.13 show ip interface brief	317
32.14 show ip route	318
32.15 show ip route specify	318
32.16 show ip route summary	319
32.17 show ipv6 interface	320
32.18 show ipv6 route	320
32.19 show ipv6 route summary	321
Chapter 33 SDM Template Commands	322
33.1 sdm prefer	322
33.2 show sdm prefer	323
Chapter 34 AAA Commands	324
34.1 aaa enable	324
34.2 tacacas-server host	325
34.3 show tacacs-server	326
34.4 radius-server host	326
34.5 show radius-server	328
34.6 aaa group	328
34.7 server	329
34.8 show aaa group	329
34.9 aaa authentication login	330
34.10 aaa authentication enable	331
34.11 aaa authentication dot1x default	332
34.12 aaa accounting dot1x default	333
34.13 show aaa authentication	333
34.14 show aaa accounting	334
34.15 line telnet	334
34.16 login authentication(telnet)	335
34.17 line ssh	336
34.18 login authentication(ssh)	336
34.19 enable authentication(telnet)	337
34.20 enable authentication(ssh)	337
34.21 ip http login authentication	338
34.22 ip http enable authentication	339
34.23 show aaa global	339
Chapter 35 DHCP Relay Commands	341
35.1 service dhcp relay	341
35.2 ip helper-address	341
35.3 ip dhcp relay information	342
35.4 ip dhcp relay information policy	342
35.5 ip dhcp relay information custom	343
35.6 ip dhcp relay information circuit-id	344
35.7 ip dhcp relay information remote-id	344

Match case Limit results 1 per page

Chapter 16 IEEE 802.1X Commands

IEEE 802.1X function is to provide an access control for LAN ports via the authentication. An

802.1X system include three entities: supplicant, authenticator and authentication server.



Supplicant: the device that requests access to the LAN.



Authentication server: performs the actual authentication of the supplicant. It validates the

identity of the supplicant and notifies the authenticator whether or not the supplicant is

authorized to access the LAN.



Authenticator: controls the physical access to the network based on the authentication status

of the supplicant. It is usually an 802.1X-supported network device, such as this TP-LINK

switch. It acts as an intermediary (proxy) between the supplicant and the authentication server,

requesting identity information from the supplicant, verifying that information with the

authentication server, and relaying a response to the supplicant.

This chapter handles with the authentication process between the supplicant and the switch. To

realize the authentication and accounting function, you should also enbable the AAA function and

configure the RADIUS server. Go to

Chapter 34 AAA Commands

for more details.

16.1 dot1x system-auth-control

Description

The

dot1x

system-auth-control

command is used to enable the IEEE 802.1X

function globally. To disable the IEEE 802.1X function, please use

no dot1x

system-auth-control

command.

Syntax

dot1x system-auth-control

no dot1x system-auth-control

Command Mode

Global Configuration Mode

Privilege Requirement

Only Admin, Operator and Power User level users have access to these

commands.

Example

Enable the IEEE 802.1X function:

T1700G-28TQ(config)#dot1x system-auth-control

103