Enabling Port Based Authentication Using the CLI Commands

The following table summarizes the equivalent CLI commands for enabling the port based authentication as displayed in the Port Based Authentication table.

Table 7-1. Port Authentication CLI Commands

CLI Command

Description

 

 

aaa authentication dot1x default

Specifies one or more authentication, authorization, and accounting

method1 [method2.]

(AAA) methods for use on interfaces running IEEE 802.1X.

 

 

dot1x auth-not-req

Enables authorized devices access to the VLAN.

 

 

dot1x guest-vlan

Defines a Guest VLAN.

 

 

dot1x guest vlan enable

Enables authorized users on the inteface to access the Guest VLAN.

 

 

dot1x mac-authentication

Enables authentication based on the station’s MAC address (MAC

 

based authentication).

 

 

dot1x max-req count

Sets the maximum number of times that the device sends an EAP to

 

the client, before restarting the authentication process.

 

 

dot1x re-authenticate [ethernet

Manually initiates a re-authentication of all 802.1X-enabled ports or the

interface]

specified 802.1X-enabled port.

 

 

dot1x re-authentication

Enables periodic re-authentication of the client.

 

 

dot1x timeout quiet-period seconds

Sets the number of seconds that the device remains in the quiet state

 

following a failed authentication exchange.

 

 

dot1x timeout re-authperiod seconds

Sets the number of seconds between re-authentication attempts.

 

 

dot1x timeout server-timeout seconds

Sets the time for the retransmission of packets to the authentication server.

 

 

dot1x timeout supp-timeout seconds

Sets the time for the retransmission of an EAP request frame to the client.

 

 

dot1x timeout tx-period seconds

Sets the number of seconds that the device waits for a response to an EAP -

 

request/identity frame, from the client, before resending the request.

 

 

dot1x traps mac-authentication failure

Enables sending traps when the MAC address failed authenticaiton

 

(MAC based authentication).

 

 

dot1x radius-attribues vlan

Enables user-based VLAN assignment.

 

 

show dot1x [ethernet interface]

Displays 802.1X status for the device or for the specified interface.

 

 

show dot1x advanced

Displays 802.1X advanced features for the switch or specified interface.

 

 

show dot1x users [username username]

Displays 802.1X users for the device.

 

 

dot1x guest-vlan enable

Enables using a guest VLAN for unauthorized ports. If a Guest

 

VLAN is enabled, the unauthorized port automatically joins the

 

VLAN selected in VLAN List field. The field default is disabled.

 

 

dot1x guest-vlan

Contains a list of VLANs. The guest VLAN is selected from the

 

VLAN List

 

 

Configuring Switch Information

267

Page 267
Image 267
Dell 3548 manual Vlan List