dot1x port-control
dot1x port-control
Use the dot1x port-control interface configuration command to enable manual control of the
authorization state of the port. Use the no form of this command to return to the default setting.
Syntax Description
auto
force-authorized
force-unauthorized Deny all access through this interface by forcing the port to transition to the
Defaults
The default is force-authorized.
Command Modes
Interface configuration
Command History
Release
12.1(8)EA1
Usage Guidelines
You must enable 802.1X globally on the switch by using the dot1x system-auth-control global
configuration command before enabling 802.1X on a specific interface.
The 802.1X protocol is supported on both Layer 2 static-access ports and Layer 3 routed ports.
You can use the auto keyword only if the port is not configured as one of these:
•
•
•
Catalyst 3550 Multilayer Switch Command Reference
2-74
dot1x port-control {auto | force-authorized | force-unauthorized}
no dot1x port-control
Enable 802.1X authentication on the interface and cause the port to transition
to the authorized or unauthorized state based on the 802.1X authentication
exchange between the switch and the client.
Disable 802.1X authentication on the interface and cause the port to transition
to the authorized state without any authentication exchange required. The port
sends and receives normal traffic without 802.1X-based authentication of the
client.
unauthorized state, ignoring all attempts by the client to authenticate. The
switch cannot provide authentication services to the client through the interface.
Modification
This command was first introduced.
Trunk port—If you try to enable 802.1X on a trunk port, an error message appears, and 802.1X is
not enabled. If you try to change the mode of an 802.1X-enabled port to trunk, the port mode is not
changed.
Dynamic ports—A port in dynamic mode can negotiate with its neighbor to become a trunk port. If
you try to enable 802.1X on a dynamic port, an error message appears, and 802.1X is not enabled.
If you try to change the mode of an 802.1X-enabled port to dynamic, the port mode is not changed.
Dynamic-access ports—If you try to enable 802.1X on a dynamic-access (VLAN Query Protocol
[VQP]) port, an error message appears, and 802.1X is not enabled. If you try to change an
802.1X-enabled port to dynamic VLAN assignment, an error message appears, and the VLAN
configuration is not changed.
Chapter 2
Cisco IOS Commands
78-11195-09