2-86
Catalyst4500 Series SwitchCiscoIOS Command Reference—Release 12.2(18)EW
78-16201-01
Chapter2 Cisco IOS Commands for the Catalyst 4500 Series Switches
dot1x port-control
dot1x port-control
To enable manual control of the authorization state on a port, use the dot1x port-control command. To
return to the default setting, use the no form of this command.
dot1x port-control {auto | force-authorized | force-unauthorized}
no dot1x port-control {auto | force-authorized | force-unauthorized}
Syntax Description
Defaults The port 802.1x authorization is disabled.
Command Modes Interface configuration
Command History
Usage Guidelines The 802.1x protocol is supported on both Layer 2 static-access ports and Layer 3-routed ports.
You can use the auto keyword only if the port is not configured as one of these:
• Trunk port—If you try to enable 802.1x on a trunk port, an error message appears, and 802.1x is not
enabled. If you try to change the mode of an 802.1x-enabled port to trunk, the port mode is not
changed.
• Dynamic ports—A port in dynamic mode can negotiate with its neighbor to become a trunk port. If
you try to enable 802.1x on a dynamic port, an error message appears, and 802.1x is not enabled. If
you try to change the mode of an 802.1x-enabled port to dynamic, the port mode is not changed.
• EtherChannel port—Before enabling 802.1x on the port, you must first remove it from the
EtherChannel. If you try to enable 802.1x on an EtherChannel or on an active port in an
EtherChannel, an error message appears, and 802.1x is not enabled. If you enable 802.1x on an
inactive port of an EtherChannel, the port does not join the EtherChannel.
auto Enables 802.1x authentication on the interface and causes the port to
transition to the authorized or unauthorized state based on the 802.1x
authentication exchange between the switch and the client.
force-authorized Disables 802.1x authentication on the interface and causes the port to
transition to the authorized state without any authentication exchange
required. The port transmits and receives normal traffic without 802.1x-based
authentication of the client.
force-unauthorized Denies all access through the specified interface by forcing the port to
transition to the unauthorized state, ignoring all attempts by the client to
authenticate. The switch cannot provide authentication services to the client
through the interface.
Release Modification
12.1(12c)EW Support for this command was introduced on the Catalyst 4500 series switch.
To Next Page
Loading...
Need help?
General
