Catalyst 4500 Series Switch Cisco IOS Command Reference—Release IOS XE 3.3.0 XO(15.1(1)XO)
OL_28738-01
Chapter 2 Cisco IOS Commands for the Catalyst 4500 Series Switches
authentication port-control
To configure the port-control value, use the authentication port-control command in interface
configuration mode. To return to the default setting, use the no form of this command.
authentication port-control [auto | force-authorized | force-unauthorized]
no authentication port-control
Syntax Description
Command Default force-authorized
Command Modes Interface configuration mode
Usage Guidelines The following guidelines apply to Ethernet switch network modules:
• The 802.1X protocol is supported on Layer 2 static-access ports.
• You can use the auto keyword only if the port is not configured as one of the following types:
– Trunk port—If you try to enable 802.1X on a trunk port, an error message appears, and 802.1X
is not enabled. If you try to change the mode of an 802.1X-enabled port to trunk, the port mode
is not changed.
– EtherChannel port—Before enabling 802.1X on the port, you must first remove it from the
EtherChannel. If you try to enable 802.1X on an EtherChannel or on an active port in an
EtherChannel, an error message appears, and 802.1X is not enabled. If you enable 802.1X on a
not-yet active port of an EtherChannel, the port does not join the EtherChannel.
– Switch Port Analyzer (SPAN) destination port—You can enable 802.1X on a port that is a SPAN
destination port; however, 802.1X is disabled until the port is removed as a SPAN destination.
You can enable 802.1X on a SPAN source port.
To globally disable 802.1X on the device, you must disable it on each port. There is no global
configuration command for this task.
You can verify your settings with the show authentication privileged EXEC command.
The auto keyword allows you to send and receive only Extensible Authentication Protocol over LAN
(EAPOL) frames through the port. The authentication process begins when the link state of the port
transitions from down to up or when an EAPOL-start frame is received. The system requests the identity
auto                (Optional) Enables 802.1X port-based authentication and causes the port to begin in the unauthorized state.
force-authorized    (Optional) Disables 802.1X on the interface and causes the port to change to the authorized state without any authentication exchange required. The port transmits and receives normal traffic without 802.1X-based authentication of the client. The force-authorized keyword is the default.
force-unauthorized  (Optional) Denies all access through this interface by forcing the port to change to the unauthorized state, ignoring all attempts by the client to authenticate.
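The following is an added example, not part of the Cisco reference: a Python audit that applies the usage guidelines above to a saved or planned configuration. It flags access ports left at the force-authorized default and ports where the auto keyword conflicts with a trunk, EtherChannel, or SPAN destination role. The sample configuration is constructed, and the function names and the interface-name normalization are assumptions.

```python
import re

# Constructed sample configuration (not from the page or from a real device).
SAMPLE_CONFIG = """\
monitor session 1 destination interface Gi1/4
interface GigabitEthernet1/1
 switchport mode access
 authentication port-control auto
interface GigabitEthernet1/2
 switchport mode access
interface GigabitEthernet1/3
 switchport mode trunk
 authentication port-control auto
interface GigabitEthernet1/4
 switchport mode access
 authentication port-control auto
interface GigabitEthernet1/5
 switchport mode access
 channel-group 1 mode active
 authentication port-control auto
"""

def norm(name):
    """Map 'GigabitEthernet1/4' and 'Gi1/4' to one key (assumed naming scheme)."""
    m = re.match(r"([A-Za-z]+)([\d/]+)$", name)
    return (m.group(1)[:2].lower(), m.group(2)) if m else (name.lower(), "")

def audit_port_control(config):
    """Return {interface: [findings]} based on the guidelines in this section."""
    span_dst = {norm(n) for n in re.findall(
        r"^monitor session \d+ destination interface (\S+)", config, re.M)}
    report = {}
    for name, body in re.findall(r"^interface (\S+)\n((?: .*\n)*)", config, re.M):
        lines = [l.strip() for l in body.splitlines()]
        mode = next((l.split()[-1] for l in lines
                     if l.startswith("authentication port-control ")),
                    "force-authorized")  # command default stated on the page
        found = []
        if mode == "force-authorized" and "switchport mode access" in lines:
            found.append("access port left at force-authorized: 802.1X disabled")
        if mode == "auto" and "switchport mode trunk" in lines:
            found.append("auto on trunk port: 802.1X is not enabled")
        if mode == "auto" and any(l.startswith("channel-group ") for l in lines):
            found.append("auto on EtherChannel member: remove from channel first")
        if mode == "auto" and norm(name) in span_dst:
            found.append("SPAN destination: 802.1X disabled until removed")
        report[name] = found
    return report
```

Calling audit_port_control(SAMPLE_CONFIG) returns an empty list for GigabitEthernet1/1 and one finding for each of the other four ports. Because there is no global disable command, the check is made per interface.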