7.1.1 List of configuration commands
The following tables list IEEE802.1X configuration commands.
|
Command name |
Description |
|---|---|
|
aaa accounting dot1x default |
Enables the collection of accounting information by the RADIUS server. |
|
aaa authentication dot1x default |
Configures the switch to use the RADIUS server for IEEE 802.1X user authentication. |
|
aaa authorization network default |
Enables VLAN-based authentication (dynamic) using VLAN information provided by the RADIUS server. |
|
dot1x force-authorized-port |
In the context of VLAN-based authentication (static), configures a port or channel group to transmit traffic without requiring authentication. |
|
dot1x ignore-eapol-start dot1x vlan ignore-eapol-start dot1x vlan dynamic ignore-eapol-start |
Configures the switch not to transmit EAP-Request/Identity packets in response to an EAPOL-Start message received from a supplicant. |
|
dot1x logging enable |
Enables the output of IEEE 802.1X operation log information to a syslog server. |
|
dot1x loglevel |
Specifies the message level to write to the operation log. |
|
dot1x max-req dot1x vlan max-req dot1x vlan dynamic max-req |
Specifies the maximum number of times that the switch sends an EAP-Request/Identity packet when there is no response from the supplicant. |
|
dot1x max-supplicant dot1x vlan max-supplicant dot1x vlan dynamic max-supplicant |
Specifies the maximum number of authenticated users permitted per authentication unit. |
|
dot1x multiple-hosts dot1x multiple-authentication |
Applies an authentication sub-mode to port-based authentication. |
|
dot1x port-control |
Enables port-based authentication. |
|
dot1x reauthentication dot1x vlan reauthentication dot1x vlan dynamic reauthentication |
Enables or disables periodic re-authentication of authenticated terminals. |
|
dot1x supplicant-detection dot1x vlan supplicant-detection dot1x vlan dynamic supplicant-detection |
Configures how terminal detection is performed when terminal authentication mode is specified as the authentication sub-mode. |
|
dot1x system-auth-control |
Enables IEEE 802.1X. |
|
dot1x timeout keep-unauth |
In the context of port-based authentication in single-terminal mode, this command configures how long the port blocks traffic after receiving authentication requests from multiple terminals. |
|
dot1x timeout quiet-period dot1x vlan timeout quiet-period dot1x vlan dynamic timeout quiet-period |
Configures how long the switch waits before allowing a supplicant that failed authentication (including re-authentication) to try again. |
|
dot1x timeout reauth-period dot1x vlan timeout reauth-period dot1x vlan dynamic timeout reauth-period |
Specifies the interval between re-authentication attempts for authenticated terminals. |
|
dot1x timeout server-timeout dot1x vlan timeout server-timeout dot1x vlan dynamic timeout server-timeout |
Specifies how long the switch waits for a response from the authentication server. |
|
dot1x timeout supp-timeout dot1x vlan timeout supp-timeout dot1x vlan dynamic timeout supp-timeout |
Configures how long the switch waits for a supplicant to respond to an EAP-Request/Identity packet. |
|
dot1x timeout tx-period dot1x vlan timeout tx-period dot1x vlan dynamic timeout tx-period |
Specifies the sending interval for EAP-Request/Identity packets. |
|
dot1x vlan enable |
Enables VLAN-based authentication (static). |
|
dot1x vlan dynamic enable |
Enables VLAN-based authentication (dynamic). |
|
dot1x vlan dynamic radius-vlan |
In the context of VLAN-based authentication (dynamic), this command specifies the VLANs that the switch can dynamically assign on the basis of information received from the RADIUS server. |