Specifications

Configuring and Managing Ports

4-4 Configuring and Managing Ports and VLANs

Example

Tosetport 1asawiredauthenticationport,typethefollowingcommand:

RBT-8100# set port type wired-auth 1

success: change accepted

Thiscommandconfiguresport1asawiredauthenticationportsupportingoneinterfaceandone

simultaneoususersession.

For802.1Xclients,wiredauthenticationworksonlyiftheclientsaredirectlyattachedtothewired

authenticationport,orareattachedthrou ghahubthatdoesnotblockforwardingofpacketsfrom 

the

clienttothePAEgroupaddress(01:80:c2:00:00:03).Wiredauthenticationworksinaccordance

withthe802.1Xspecification,whichprohibitsaclientfromsendingtrafficdirectlytoan

authenticator’sMACaddressuntiltheclientisauthenticated.Insteadofsendingtraffictothe

authenticator’sMACaddress,theclientsendspacketstothePAE

groupaddress.The802.1X

specificationprohibitsnetworkingdevicesfromforwardingPAEgroupaddresspackets,because

thiswouldmakeitpossibleformultipleauthenticatorstoacquirethesameclient.

Fornon‐802.1Xclients,whouseMACauthentication,WebAAA,orlast‐resortauthentication,

wiredauthenticationworksiftheclientsaredirectlyattachedor

indirectlyattached.

Clearing a Port

Tochangeaport’stypefromDAPaccessportorwiredauthenticationport,youmustfirstclearthe

port,thensettheporttype.

Clearingaportremovesalltheport’sconfigurationsettingsandresetstheportasanetworkport.

•Iftheportisawiredauthenticatedport,clearingthe

portdisables802.1Xauthentication.

•Iftheportisanetworkport,theportmustfirstberemovedfromallVLANs,whichremove s

theportfromallspanningtrees,load‐sharingportgroups,andsoon.

Toclearaport,usethefollowingcommand:

clear port type port-list

Note: If clients are connected to a wired authentication port through a downstream third-party

switch, the RoamAbout Switchattempts to authenticate based on any traffic coming from the switch,

such as Spanning Tree Protocol (STP) BPDUs. In this case, disable repetitive traffic emissions such

as STP BPDUs from downstream switches. If you want to provide a management path to a

downstream switch, use MAC authentication.

Note: When you clear a port, MSS ends user sessions that are using the port.

Note: A cleared port is not placed in any VLANs, not even the default VLAN (VLAN 1).