Manuals / Accton Technology / Computer Equipment / Switch

Accton Technology VS4512DC manual 802.1x Port Authentication, Authentication dot1x default

Models: VS4512DC VS4512

1 334

Download 334 pages 13.79 Kb

Page 214

Command Line Interface

Example

The following example enables port security for port 5, and sets the response to a security violation to issue a trap message:

Console(config)#interface ethernet 1/5

Console(config-if)#port security action trap

Related Commands

shutdown (4-89)mac-address-table static (4-122) show mac-address-table(4-123)

802.1x Port Authentication

The switch supports IEEE 802.1x (dot1x) port-based access control that prevents unauthorized access to the network by requiring users to first submit credentials for authentication. Client authentication is controlled centrally by a RADIUS server using EAP (Extensible Authentication Protocol).

Command	Function	Mode	Page

authentication dot1x default	Sets the default authentication server type	GC	4-68

dot1x default	Resets all dot1x parameters to their default values	GC	4-69

dot1x max-req	Sets the maximum number of times that the switch	GC	4-69
	retransmits an EAP request/identity packet to the client
	before it times out the authentication session
dot1x port-control	Sets dot1x mode for a port interface	IC	4-70

dot1x operation-mode	Allows single or multiple hosts on an dot1x port	IC	4-70

dot1x re-authenticate	Forces re-authentication on specific ports	PE	4-71

dot1x re-authentication	Enables re-authentication for all ports	GC	4-71

dot1x timeout quiet-period	Sets the time that a switch port waits after the Max	GC	4-71
	Request Count has been exceeded before attempting to
	acquire a new client
dot1x timeout re-authperiod	Sets the time period after which a connected client must	GC	4-72
	be re-authenticated
dot1x timeout tx-period	Sets the time period during an authentication session that	GC	4-72
	the switch waits before re-transmitting an EAP packet
show dot1x	Shows all dot1x related information	PE	4-73

authentication dot1x default

This command sets the default authentication server type. Use the no form to restore the default.

Syntax

authentication dot1x default radius no authentication dot1x

4-68

Image 214

Accton Technology VS4512DC manual 802.1x Port Authentication, Authentication dot1x default

Contents

Management Guide Page Vdsl Switch-V4512 Vdsl Switch-VS4512DCInternational Headquarters Europe Headquarters Asia Pacific HeadquartersContents Page Contents Command Line Interface Contents Page Contents Page Contents Appendix a Software Specifications Key Features Feature DescriptionDescription of Software Features IntroductionDescription of Software Features Introduction System Defaults Function Parameter DefaultPvid Sntp Introduction Connecting to the Switch Configuration OptionsRequired Connections Remote Connections Basic ConfigurationConsole Connection Setting an IP Address Setting PasswordsManual Configuration Dynamic Configuration Enabling Snmp Management Access Community StringsSaving Configuration Settings Trap ReceiversManaging System Files Configuring the Switch Using the Web InterfaceHome Configuration OptionsNavigating the Web Browser Interface Button ActionDescription Values Panel DisplayMain Menu Menu DescriptionSSH Vdsl Vlan Displaying System Information Field AttributesPass Management Software Displaying Switch Hardware/Software VersionsField Attributes Main Board Expansion SlotDisplaying Bridge Extension Capabilities Setting the Switch’s IP Address 146Manual Configuration Command AttributesUsing DHCP/BOOTP Fan Status Managing FirmwareDownloading System Software from a Server Saving or Restoring Configuration Settings Downloading Configuration Settings from a ServerSetting the Startup Configuration File Copying the Running Configuration to a FileSetting the System Clock Resetting the SystemConfiguring Sntp Setting the Time Zone Simple Network Management Protocol Setting Community Access Strings Access ModeSpecifying Trap Managers and Trap Types Filtering Addresses for Snmp Client Access Command UsageUser Authentication Configuring the Logon PasswordConfiguring Local/Remote Logon Authentication Radius Settings Tacacs SettingsUser Authentication Configuring Https Telnet SettingsWeb Browser Operating System Replacing the Default Secure-site Certificate Command AttributesConfiguring the Secure Shell Configuring Port Security Command UsageThese actions can only be taken through CLI commands Configuring 802.1x Port Authentication Displaying 802.1x Global Settings User Authentication Configuring 802.1x Global Settings Configuring Port Authorization Mode AuthorizedDisplaying 802.1x Statistics Statistical Values Parameter DescriptionDisplaying Connection Status Port ConfigurationField Attributes Web Command Attributes CLI Basic informationCurrent status Configuring Interface Connections CLI This example shows the connection status for PortPort Configuration Command Usage Creating Trunk GroupsStatically Configuring a Trunk Statically configuredEnabling Lacp on Selected Ports Port Configuration Setting Broadcast Storm Thresholds Command AttributesConfiguring Port Mirroring Command Attribute Configuring Rate LimitsDefault Status Disabled Showing Port Statistics Statistical Values Parameter DescriptionParameter Description Rmon StatisticsConfiguring the Switch CLI This example shows statistics for port Vdsl Global Configuration Vdsl ConfigurationProfile Name ProfileType Downstream Rate Upstream Rate Mbps Upstream Downstream Mode Max. Range ExampleVdsl Port Configuration Profile Name Theoretical Minimum Signal-to-Noise Ratio dBNoise Margin Profile Name Downstream Upstream RateRate Mbps S1-16-16 16.74 Examples Following example assigns efm profile S1-16-16 to Vdsl portVdsl Port Link Status Command Attributes General StatusPMD1 Status PMS-TC2Status 111 Displaying Vdsl Port Ethernet Statistics Vdsl Line Configuration CLI Use the show interfaces counters command ExampleCLI Use the show controllers efm line-table command Example Displaying Vdsl Interface InformationPhysical Interfaces Information Channel Interface Information118 Line Performance Data Information Vdsl Performance Monitor InformationChannel Performance Data Information Web Click VDSL, Performance Monitor Information 120 Line Performance Data History Information Monitoring Vdsl Performance HistoryChannel Performance Data History Information Setting Static Addresses Displaying the Address Table Changing the Aging Time 123Spanning Tree Algorithm Configuration Displaying Global Settings Field AttributesConfiguring the Switch Configuring Global Settings 135Root Device Configuration Displaying Interface Settings AD B ADB Configuring Interface Settings Command AttributesSpanning Tree Algorithm Configuration Vlan Configuration OverviewAssigning Ports to VLANs Displaying Basic Vlan Information Forwarding Tagged/Untagged FramesCommand Attributes Web Displaying Current VLANs143 Command Attributes Creating VLANsAdding Static Members to VLANs Vlan Index Adding Static Members to VLANs Port Index 142Configuring Vlan Behavior for Interfaces Vlan Configuration Configuring Private VLANs Configuring Uplink and Downlink Ports Enabling Private VLANsClass of Service Configuration Setting the Default Priority for Interfaces147 Queue Priority Mapping CoS Values to Egress QueuesPriority Level Traffic Type Selecting the Queue Mode 151Setting the Service Weight for Traffic Classes Mapping Layer 3/4 Priorities to CoS Values Selecting IP Precedence/DSCP PriorityMapping IP Precedence Priority Traffic Type LevelMapping Dscp Priority IP Dscp Value CoS Value154 Mapping IP Port Priority Copy Priority Settings Multicast Filtering Layer 2 Igmp Snooping and QueryConfiguring Igmp Snooping and Query Parameters Command UsageDisplaying Interfaces Attached to a Multicast Router 160Specifying Static Interfaces for a Multicast Router Displaying Port Members of Multicast Services Command AttributeAssigning Ports to Multicast Services Command UsageUser Configuring the Switch 116 Accessing the CLI Using the Command Line InterfaceTelnet Connection Command Line Interface Getting Help on Commands Entering CommandsCommand Completion Keywords and ArgumentsShowing Commands Partial Keyword LookupUnderstanding Command Modes Negating the Effect of CommandsUsing Command History Exec CommandsConfiguration Commands Mode Command Prompt Command Line ProcessingKeystroke Function Command Groups Command Group DescriptionLine Commands LineRelated Commands Syntax Login local no loginPassword Syntax Password 0 7 password no passwordSyntax Exec-timeout seconds no exec-timeout Exec-timeoutPassword-thresh Syntax Password-thresh threshold no password-threshSilent-time Syntax Silent-time seconds no silent-timeSyntax Databits 7 8 no databits DatabitsParity Syntax Parity none even odd no paritySpeed Syntax Speed bps no speedSyntax Stopbits 1 StopbitsDisconnect Syntax Disconnect session-idShow line General CommandsSyntax Show line console vty Disable EnableSyntax Enable level Configure Show historyReload Exit EndQuit Command Function Mode Pag System Management CommandsDevice Designation Commands Function PagSyntax Prompt string no prompt PromptHostname Syntax Hostname name No hostnameUsername Access-level Password User Access CommandsUsername Enable password Related CommandsIP Filter Commands ManagementShow management Ip http port Web Server CommandsIp http server Syntax No ip http secure-server Default Setting Ip http secure-serverIp telnet server Ip http secure-portSyntax No ip telnet server Ip ssh server Secure Shell CommandsSyntax No ip ssh server Ip ssh timeout Syntax Ip ssh timeout seconds no ip ssh timeoutDisconnect ssh Ip ssh authentication-retriesSyntax Disconnect ssh connection-id Show ssh Show ip sshField Description Syntax No logging on Default Setting Event Logging CommandsLogging on Logging history Level DescriptionSyntax No logging host hostipaddress Logging hostLogging facility Syntax No logging facility typeSyntax No logging trap level Logging trapClear logging Syntax Clear logging flash ramShow logging Syntax Show logging flash ram sendmail trapFacility command Smtp Alert CommandsLogging trap command Syntax No logging sendmail host ipaddress Logging sendmail hostLogging sendmail level Syntax Logging sendmail level levelSyntax Logging sendmail source-email email-address Logging sendmail source-emailLogging sendmail destination-email Syntax No logging sendmail destination-email email-addressLogging sendmail Syntax No logging sendmail Default SettingShow logging sendmail Syntax No sntp client Default Setting Time CommandsSntp client Sntp server Syntax Sntp server ip1 ip2 ip3Sntp poll Syntax Sntp poll seconds no sntp pollSntp broadcast client Syntax No sntp broadcast client Default SettingShow sntp Calendar set Clock timezoneSyntax Show startup-config System Status CommandsShow calendar Command Line Interface Show running-config Related CommandsCommand Line Interface Show system Show usersShow version Flash/File Commands CopyCommand Line Interface Delete SyntaxDir Column Heading DescriptionBoot system WhichbootSyntax Boot system boot-romconfig opcode filename Authentication login Authentication CommandsAuthentication Sequence Command Group FunctionRadius Client Radius-server hostSyntax Radius-server port portnumber no radius-server port Radius-server portRadius-server key Syntax Radius-server key keystring no radius-server keyRadius-server timeout Radius-server retransmitShow radius-server TACACS+ ClientTacacs-server host Syntax Tacacs-server port portnumber no tacacs-server port Tacacs-server portTacacs-server key Syntax Tacacs-server key keystring no tacacs-server keyPort Security Commands Show tacacs-serverCommand Usage Port security802.1x Port Authentication Authentication dot1x defaultDefault Command Mode Dot1x defaultSyntax Dot1x default Command Mode Dot1x max-reqDot1x port-control Dot1x operation-modeDot1x re-authentication Dot1x re-authenticateDot1x timeout quiet-period Dot1x timeout re-authperiod Dot1x timeout tx-periodShow dot1x Syntax Show dot1x statistics interface interfaceReauthentication State Machine Authentication Commands Snmp Commands Snmp-server communitySyntax Snmp-server contact string no snmp-server contact Snmp-server contactSnmp-server location Syntax Snmp-server location text no snmp-server locationSnmp-server host Snmp-server enable traps Snmp ip filter No snmp ip filter ipaddress subnetmaskShow snmp Dhcp Client Dhcp CommandsCommand Function Mod Pag Ip dhcp client-identifierIp dhcp restart client Interface Interface CommandsPort-channel channel-idValue Speed-duplex DescriptionSyntax Description string no description Syntax No negotiation Default Setting NegotiationCapabilities Syntax No flowcontrol Default Setting FlowcontrolSyntax No shutdown Default Setting Switchport broadcast packet-rateShutdown Clear counters Port-channel channel-idValue Default SettingSyntax Clear counters interface Show interfaces status Syntax Show interfaces status interfaceShow interfaces counters Syntax Show interfaces counters interfaceShow interfaces switchport Syntax Show interfaces switchport interfaceBroadcast threshold Mirror Port Commands Port monitorShow port monitor Syntax Show port monitor interfaceRate Limit Commands Rate-limitLink Aggregation Commands Guidelines for Creating TrunksLacp Syntax No lacp Default SettingChannel-group Syntax Channel-group channel-idno channel-group100 Vdsl Commands Command Function ModSyntax Efm profile global profile name Efm profile globalProfile Name ProfileType Downstream Rate Upstream Rate Efm profile Syntax Efm profile profile nameSyntax No efm shutdown Default Setting Efm resetSyntax Efm reset local remote Efm shutdownSyntax Efm rdl no efm rdl Default Setting Efm rdlEfm interleave No efm interleaveProfile Name Theoretical Minimum Signal-to-Noise Ratio dB Efm noise-marginSyntax Efm rate-adapt no efm rate-adapt Default Setting Efm rate-adaptShow controllers ethernet-controller Syntax No efm pbo Default SettingEfm pbo Syntax Show controllers ethernet-controller interface-idShow interfaces counters Show controllers efm actual Show controllers efm profile Show controllers efm adminSyntax Show controllers efm interface-idadmin dsrate usrate Syntax Show controllers efm profile mapping namesShow controllers efm actual 4-111 show controllers efm admin Show controllers efm status Syntax Show controllers efm status link profile interface-idShow controllers efm remote ethernet mode Syntax Show controllers efm noise-margin Default Setting Show controllers efm-noise-marginShow controllers efm channel-performance Syntax Show controllers efm line-table Command ModeShow controllers efm line-table Show controllers efm phy-table Syntax Show controllers efm phy-table vtu-r vtu-c interfaceShow controllers efm channel-table Show controllers efm current-performance 121 Address Table Commands Mac-address-table staticClear mac-address-table dynamic Show mac-address-tableMac-address-table aging-time Spanning Tree Commands Show mac-address-table aging-timeSyntax Spanning-tree mode stp rstp no spanning-tree mode Spanning-tree modeSyntax No spanning-tree Default Setting Spanning-treeSpanning-tree forward-time Spanning-tree hello-time Spanning-tree max-ageSpanning-tree priority Spanning-tree pathcost method Spanning-tree transmission-limitSpanning-tree cost Syntax Spanning-tree cost cost no spanning-tree costSpanning-tree port-priority Syntax No spanning-tree edge-port Default SettingSpanning-tree edge-port Syntax No spanning-tree portfast Default Setting Spanning-tree portfastSpanning-tree link-type Show spanning-tree Port-channel channel-idValue Command ModeSpanning-tree protocol-migration Syntax Spanning-tree protocol-migration interface136 Editing Vlan Groups Vlan CommandsCommand Groups Function Vlan databaseRelated Commands VlanInterface vlan Configuring Vlan InterfacesSyntax Interface vlan vlan-id Switchport acceptable-frame-types Switchport modeSyntax Switchport mode trunk hybrid no switchport mode Switchport ingress-filtering Syntax No switchport ingress-filtering Default SettingSwitchport native vlan Switchport allowed vlanShow vlan Displaying Vlan InformationSyntax Show vlan id vlan-idname vlan-name Pvlan Configuring Private VLANsSyntax Pvlan Syntax Show pvlan Default Setting Show pvlanBridge Extension Commands Show bridge-extPriority Commands Layer Priority CommandsSwitchport priority default Queue mode Syntax Queue mode strict wrr no queue modeQueue bandwidth weight1...weight4 no queue bandwidth Queue bandwidthQueue cos-map QueueShow queue cos-map Show queue modeShow queue bandwidth Syntax Show queue cos-map interfacePriority Commands Layer 3 Syntax No map ip precedence Default SettingCoS Value Command Mode Syntax No map ip dscp Default SettingMap ip dscp Interface Configuration Map ip port Global Configuration Syntax Map ip port no map ip port Default SettingSyntax Show map ip precedence interface Show map ip precedenceShow map ip dscp Syntax Show map ip dscp interfaceShow map ip port Port-channel channel-idRange Default SettingSyntax Show map ip port interface Command Groups Function Pag Multicast Filtering CommandsIgmp Snooping Commands Ip igmp snoopingIp igmp snooping vlan static Ip igmp snooping versionFollowing shows the current Igmp snooping configuration Show ip igmp snoopingIgmp Query Commands Layer Show mac-address-table multicastIp igmp snooping querier Syntax No ip igmp snooping querier Default SettingIp igmp snooping query-count Ip igmp snooping query-interval Ip igmp snooping query-max-response-timeIp igmp snooping router-port-expire-time Ip igmp snooping vlan mrouter Static Multicast Routing CommandsSyntax No ip igmp snooping vlan vlan-idmrouter interface Show ip igmp snooping mrouter IP Interface CommandsBasic IP Configuration Syntax Show ip igmp snooping mrouter vlan vlan-idIp address Syntax Ip default-gateway gateway no ip default-gateway Ip default-gatewayShow ip interface Ping Show ip redirectsSyntax Ping host count countsize size 170 Appendix a Software Specifications Software FeaturesManagement Features StandardsManagement Information Bases Igmp MIB RFCSoftware Specifications Troubleshooting Chart Symptom ActionTroubleshooting Boot Protocol Bootp GlossaryGroup Attribute Registration Protocol Garp In-Band Management Pots Simple Mail Transfer Protocol Smtp Vdsl Index NumericsIndex Index-3 Index Index-4 Page VS4512