Controls port-state authorization and configures the port control type to activate authentication on an 802.1X-enabled interface.

dot1x port-control { auto | force-authorized | force-unauthorized } { all | ethernet unit / slot / port [ to unit / slot /port ] }
no dot1x port-control { auto | force-authorized | force-unauthorized } { all | ethernet unit / slot / port [ to unit / slot /port ] }

All controlled ports on the device are in the authorized state, allowing all traffic.

auto
Enables authentication on a port. It places the controlled port in the unauthorized state until authentication takes place between the client and authentication server. Once the client passes authentication, the port becomes authorized. This activates authentication on an 802.1X-enabled interface. The controlled port remains in the authorized state until the Client logs off.
force-authorized
Places the controlled port unconditionally in the authorized state, allowing all traffic to pass between the client and the authenticator. This is the default state for ports on the device.
force-unauthorized
Places the controlled port unconditionally in the unauthorized state, denying any traffic to pass between the client and the authenticator.
ethernet unit / slot / port [ to unit / slot / port ]
Configures the specified interface or range of interfaces.
all
Configures all interfaces on the device.

General configuration mode

Before activating the authentication using the dot1x port-control auto command on an untagged port, you must remove configured static ACL, if any, from the port.

You cannot enable 802.1X authentication on ports that have any of the following features enabled:
  • Link aggregation
  • Metro Ring Protocol (MRP)
  • Mirror port
  • LAG port

The no form of the command resets the port control type to the default state.

The following example places the configured port unconditionally in the unauthorized state until authentication takes place between the client and authentication server. Once the client passes authentication, the port becomes authorized.

device# configure terminal
device(config)# dot1x port-control auto ethernet 3/1/1

The following example configures the specified interface to place the controlled port unconditionally in the authorized state.


device# configure terminal
device(config)# dot1x port-control force-authorized ethernet 3/1/1

The following example configures the specified interface to place the controlled port unconditionally in the unauthorized state.

device# configure terminal
device(config)# dot1x port-control force-unauthorized ethernet 3/1/1
Release version Command history
08.0.70 This command was moved to general configuration level.