Specifications

ManualsBrandsCisco ManualsDocking StationAccess Registrar 3.5

241

242

243

244

245

246

247

248

249

250

2-191

Catalyst 4500 Se ries S wit ch C is co IO S C om mand R efer ence —Re lease I OS XE 3 .3.0 XO(1 5.1 (1)XO)

OL_28738-01

Chapter 2 Cisco IOS Commands for the Catalyst 4500 Series Switches

dot1x port-control

To enable manual control of the authorization state on a port, use the dot1x port-control command. To

return to the default setting, use the no form of this command.

dot1x port-control {auto | force-authorized | force-una uth oriz ed }

no dot1x port-cont rol {auto | force-authorized | force-unauthorized}

Syntax Description

Defaults The port 802.1X au thorization is disabl ed.

Command Modes Interface configur ation mode

Usage Guidelines The 802.1X protocol is supporte d on both the Layer 2 static-a ccess ports and the Layer 3-routed ports.

You can use the auto keyword only if the port is not configured as foll ows:

• Trunk port—If you try to enab le 802.1X on a trunk port, an error message appears, and 802. 1X is

not enabled. If you try to change the mode of an 802.1X-enabled port to trunk, the port mode is not

changed.

• Dynamic ports—A port in dynamic mode can negotiate with its neighbor to become a trunk port. If

you try to enable 802.1X on a dynamic port , an error message appears, an d 802.1X is not enabled.

If you try to change the mode of an 802.1X-enabled por t to dynamic, the port mode is not change d.

• EtherChannel port—B efore enabling 802.1X on the port, you must first remove it from the

EtherChannel. If you try to enable 802. 1X on an EtherChannel or on an active port in an

EtherChannel, an error messa ge appears, and 802.1X is not ena bled. If you enable 802. 1X on an

inactive port of an EtherChannel, the port does not join the EtherChannel.

• Switch Port Analyzer (SPAN) destination port—You can enable 802.1X on a port that is a SPAN

destination port; however, 802.1X is disable d until the port is removed as a SPAN destination. You

can enable 802.1X on a SPAN source port.

To globally disable 802.1X on the switch, you must disable it on each por t. There is no global

configuration command for this task.

auto Enables 802.1X authentication on the inter face and causes the port to

transition to the authorized or unauthorized state based on the 802.1X

authentication exchange between the switch and the client.

force-authorized Disables 802.1X authentic ation on the interface and causes the port to

transition to the authorized state without any authentication exchange

required. The port transmits and receives normal traffic without

802.1X-based authentication of the client.

force-unauthorized Denies all access through the specified interface by forcing the port to

transition to the unauthorized state, ignoring all attempts by the client to

authenticate. The switch cannot provide authentication services to the client

through the inte rface.