2-415
Catalyst 6500 Series Switch Command Reference—Release8.1
78-15474-01
Chapter2 Catalyst 6500 Series Switch and ROM Monitor Commands
set port dot1x
Defaults The default settings are as follows:
•The default port_control_value is force-authorized.
•The multiple host feature is disabled.
•The reauthentication feature is disabled.
•The multiple authentication feature is disabled.
•The shutdown-timeout feature is disabled.
Command Types Switch command.
Command Modes Privileged.
Usage Guidelines The dot1x port will not be allowed to become a trunk port, MVAP, channel port, dynamic port, or a secure
port.
When setting the port control type, the following applies:
•force-authorized forces the controlled port to transition to the authorized state unconditionally and
is equivalent to disabling 802.1x restriction in the port.
•force-unauthorized forces the controlled port to transit to the unauthorized state unconditionally and
prevents the authorized services of the authenticator to the supplicant.
•auto enables 802.1x control on the port.
If you disable the multiple host feature, once a dot1 x p ort is a uthor ize d thro ugh a succ es sful
authentication of a supplicant, only that particular host (MAC address) is al lowed on that port. When the
system detects another host (different MAC address) on the authorized port, it shuts down the port and
displays a syslog message. This is the default system behavior.
If you enable the multiple host feature, once a dot1x port is authorized through a successful
authentication of a supplicant, any host (any MAC address) is allowed to send or receive traffic on that
port.
If you enable reauthentication, you can set the reauthentication time period in seconds by entering the
set dot1x re-authperiod seconds command. The default for the reauthentication time period is
3600 seconds.
You can enable either multiple host mode or multiple authentication mode.
To specify the number of seconds that a port is shut down after a security violation, enter the set dot1x
shutdown-timeout command. Then enter the set port dot1x mod/port shutdown-timeout enable
command to activate automatic reenabling of the port after the shutdown-timeout period has elapsed.
Examples This example shows how to set the port control type automatically:
Console> (enable) set port dot1x 4/1 port-control auto
Port 4/1 dot1x port-control is set to auto.
Console> (enable)