802.1x Commands

User Guidelines

This command enables the attachment of multiple clients to a single 802.1x-enabled port. In this mode, only one of the attached hosts must be successfully authorized for all hosts to be granted network access. If the port becomes unauthorized, all attached clients are denied access to the network.

For unauthenticated VLANs, multiple hosts are always enabled.

Multiple-hosts must be enabled to enable port security on the port.

Example

The following command enables multiple hosts (clients) on an 802.1x-authorized port.

Console(config-if)# dot1x multiple-hosts

dot1x single-host-violation

The dot1x single-host-violationInterface Configuration mode command configures the action to be taken, when a station whose MAC address is not the supplicant MAC address, attempts to access the interface. Use the no form of this command to return to default.

Syntax

dot1x single-host-violation {forward discard discard-shutdown} [trap seconds] no port dot1x single-host-violation

Parameters

forward — Forwards frames with source addresses that are not the supplicant address, but does not learn the source addresses.

discard — Discards frames with source addresses that are not the supplicant address.

discard-shutdown— Discards frames with source addresses that are not the supplicant address. The port is also shut down.

trap — Indicates that SNMP traps are sent.

seconds — Specifies the minimum amount of time in seconds between consecutive traps. (Range: 1- 1000000)

Default Configuration

Frames with source addresses that are not the supplicant address are discarded.

400Intel® Blade Server Ethernet Switch Modules SBCEGBESW1 and SBCEGBESW10 CLI Guide

Page 416
Image 416
Intel SBCEGBESW10 CLI manual Dot1x single-host-violation