Quick Reference Guide
946 PowerConnect B-Series TI24X Configuration Guide
53-1002269-02
Configuring 802.1X port security
28
By default, all controlled ports on the device are in the authorized state, allowing all traffic. When
you activate authentication on an 802.1X-enabled interface, its controlled port is placed in the
unauthorized state. When a Client connected to the interface is successfully authenticated, the
controlled port is then placed in the authorized state. The controlled port remains in the authorized
state until the Client logs off.
To activate authentication on an 802.1X-enabled interface, you configure the interface to place its
controlled port in the authorized state when a Client is authenticated by an Authentication Server.
To do this, enter commands such as the following.
PowerConnect(config)# interface e 1
PowerConnect(config-if-1)# dot1x port-control auto
Syntax: [no] dot1x port-control [force-authorized | force-unauthorized | auto]
When an interface control type is set to auto, the controlled port is initially set to unauthorized, but
is changed to authorized when the connecting Client is successfully authenticated by an
Authentication Server.
The port control type can be one of the following
force-authorized – The controlled port is placed unconditionally in the authorized state, allowing all
traffic. This is the default state for ports on the Dell device.
force-unauthorized – The controlled port is placed unconditionally in the unauthorized state.
auto – The controlled port is unauthorized until authentication takes place between the Client and
Authentication Server. Once the Client passes authentication, the port becomes authorized. This
activates authentication on an 802.1X-enabled interface.
NOTE
You cannot enable 802.1X port security on ports that have any of the following features enabled:
• Link aggregation
• Metro Ring Protocol (MRP)
• Mirror port
• Trunk port
Configuring periodic re-authentication
You can configure the device to periodically re-authenticate Clients connected to 802.1X-enabled
interfaces. When you enable periodic re-authentication, the device re-authenticates Clients every
3,600 seconds by default. You can optionally specify a different re-authentication interval of
between 1 – 4294967295 seconds.
To configure periodic re-authentication using the default interval of 3,600 seconds, enter the
following command.
PowerConnect(config-dot1x)# re-authentication
Syntax: [no] re-authentication
To configure periodic re-authentication with an interval of 2,000 seconds, enter the following
commands.
PowerConnect(config-dot1x)# re-authentication
PowerConnect(config-dot1x)# timeout re-authperiod 2000