Specifications
Managing 802.1X on Wired Authentication Ports
19-2 Managing 802.1X on the RoamAbout Switch
Enabling and Disabling 802.1X Globally
Thefollowingcommandgloballyenablesordisables802.1Xauthenticationonallwired
authenticationportsonaRAS:
set dot1x authcontrol {enable | disable}
Thedefaultsettingisenable,whichpermits802.1Xauthenticationtooccurasdeterminedbythe
setdot1Xport‐controlcommandforeachwiredauthenticationport.Thedisablesettingforcesall
wiredauthenticationportstounconditionallyauthorizeall802.1Xauthenticationattempts by
userswithanEAPsuccessmessage.
Example
Toreenable802.1Xauthenticationonwiredauthenticationports,typethefollowingcommand:
RBT-8100# set dot1x authcontrol enable
success: dot1x authcontrol enabled.
Setting 802.1X Port Control
Thefollowingcommandspecifiesthewayawiredauthenticationportorgroupofportshandles
user802.1Xauthenticationattempts:
set dot1x port-control {forceauth | forceunauth | auto} port-list
Thedefaultsettingisauto,whichallowstheRAStoprocess802.1Xauthenticationnormally
accordingtotheauthenticationconfiguration.Alternatively,youcansetawiredauthentication
portorportstoeitherunconditionallyauthenticateorunconditionallyrejectallusers.
Examples
Thefollowingcommandforcesport 19tounconditionallyauthenticateall802.1Xauthentication
attemptswithanEAPsuccessmessage:
RBT-8100# set dot1x port-control forceauth 19
success: authcontrol for 19 is set to FORCE-AUTH.
Similarly,thefollowingcommandforcesport 12tounconditionallyrejectany802.1Xattempts
withanEAPfailuremessage:
RBT-8100# set dot1x port-control forceunauth 12
success: authcontrol for 12 is set to FORCE-UNAUTH.
Thesetdot1xport‐controlcommandisoverriddenbythesetdot1xauthcontrol command.The
cleardot1xport‐controlcommandreturnsportcontroltothedefaultautovalue.
Typethefollowingcommandtoresetportcontrolforallwiredauthenticationports:
RBT-8100# clear dot1x port-control
success: change accepted.