dot1x port-control
-
- Last UpdatedNov 26, 2018
- 2 minutes read
Controls port-state authorization and configures the port control type to activate authentication on an 802.1X-enabled interface.
All controlled ports on the device are in the authorized state, allowing all traffic.
auto
| Enables authentication on a port. It places the controlled port in the unauthorized state until authentication takes place between the client and authentication server. Once the client passes authentication, the port becomes authorized. This activates authentication on an 802.1X-enabled interface. The controlled port remains in the authorized state until the Client logs off.
|
force-authorized
| Places the controlled port unconditionally in the authorized state, allowing all traffic to pass between the client and the authenticator. This is the default state for ports on the device.
|
force-unauthorized
| Places the controlled port unconditionally in the unauthorized state, denying any traffic to pass between the client and the authenticator.
|
ethernet
unit
/
slot
/
port
[
to
unit
/
slot
/
port
]
| Configures the specified interface or range of interfaces.
|
all
| Configures all interfaces on the device.
|
General configuration mode
Before activating the authentication using the dot1x port-control auto command on an untagged port, you must remove configured static ACL, if any, from the port.
- Link aggregation
- Metro Ring Protocol (MRP)
- Mirror port
- LAG port
The no form of the command resets the port control type to the default state.
The following example places the configured port unconditionally in the unauthorized state until authentication takes place between the client and authentication server. Once the client passes authentication, the port becomes authorized.
device# configure terminal
device(config)# dot1x port-control auto ethernet 3/1/1
The following example configures the specified interface to place the controlled port unconditionally in the authorized state.
device# configure terminal
device(config)# dot1x port-control force-authorized ethernet 3/1/1
The following example configures the specified interface to place the controlled port unconditionally in the unauthorized state.
device# configure terminal
device(config)# dot1x port-control force-unauthorized ethernet 3/1/1
Release version | Command history |
---|---|
08.0.70 | This command was moved to general configuration level. |