CLI Reference Guide-R05

ManualsBrandsEdgecore Networks ManualsEnterpriseL2 Gigabit Ethernet Carrier Grade Switch

261

262

263

264

265

266

267

268

269

270

Table Of Contents

Chapter 8

| Authentication Commands

802.1X Port Authentication

– 263 –

Command Usage

◆ When devices attached to a port must submit requests to another

authenticator on the network, configure the identity profile parameters (see

dot1x identity profile command) which identify this switch as a supplicant, and

enable dot1x supplicant mode for those ports which must authenticate clients

through a remote authenticator using this command. In this mode the port will

not respond to dot1x messages meant for an authenticator.

◆ This switch can be configured to serve as the authenticator on selected ports

by setting the control mode to “auto” (see the dot1x port-control command),

and as a supplicant on other ports by the setting the control mode to “force-

authorized” and enabling dot1x supplicant mode with this command.

◆ A port cannot be configured as a dot1x supplicant if it is a member of a trunk or

LACP is enabled on the port.

Example

Console(config)#interface ethernet 1/2

Console(config-if)#dot1x pae supplicant

Console(config-if)#

dot1x timeout

auth-period

This command sets the time that a supplicant port waits for a response from the

authenticator. Use the no form to restore the default setting.

Syntax

dot1x timeout auth-period seconds

no dot1x timeout auth-period

seconds - The number of seconds. (Range: 1-65535)

Default

30 seconds

Command Mode

Interface Configuration

Command Usage

This command sets the time that the supplicant waits for a response from the

authenticator for packets other than EAPOL-Start.

Example

Console(config)#interface eth 1/2

Console(config-if)#dot1x timeout auth-period 60

Console(config-if)#