Quick Reference Guide

PowerConnect B-Series TI24X Configuration Guide 951
53-1002269-02
Configuring 802.1X port security
28
You can optionally disable aging of the permitted or denied dot1x-mac-sessions, or both, on the
Dell device.
To disable aging of the permitted dot1x-mac-sessions, enter the following command.
PowerConnect(config-dot1x)# mac-session-aging no-aging permitted-mac-only
Syntax: [no] mac-session-aging no-aging permitted-mac-only
To disable aging of the denied dot1x-mac-sessions, enter the following command.
PowerConnect(config-dot1x)# mac-session-aging no-aging denied-mac-only
Syntax: [no] mac-session-aging no-aging denied-mac-only
NOTE: This command enables aging of permitted sessions.
As a shortcut, use the command [no] mac-session-aging to enable or disable aging for permitted
and denied sessions.

Specifying the aging time for blocked clients
When the Dell device is configured to drop traffic from non-authenticated Clients, traffic from the
blocked Clients is dropped in hardware, without being sent to the CPU. A Layer 2 CAM entry is
created that drops traffic from the blocked Client MAC address in hardware. If no traffic is received
from the blocked Client MAC address for a certain amount of time, this Layer 2 CAM entry is aged
out. If traffic is subsequently received from the Client MAC address, then an attempt can be made
to authenticate the Client again.
Aging of the Layer 2 CAM entry for a blocked Client MAC address occurs in two phases, known as
hardware aging and software aging. The hardware aging period is fixed at 70 seconds and is
non-configurable. The software aging time is configurable through the CLI.
Once the Dell device stops receiving traffic from a blocked Client MAC address, the hardware aging
begins and lasts for a fixed period of time. After the hardware aging period ends, the software
aging period begins. The software aging period lasts for a configurable amount of time (by default
120 seconds). After the software aging period ends, the blocked Client MAC address ages out, and
can be authenticated again if the Dell device receives traffic from the Client MAC address.
Change the length of the software aging period for a blocked Client MAC address by entering a
command such as the following.
PowerConnect(config)# mac-session-aging max-age 180
Syntax: [no] mac-session-aging max-age <seconds>
You can specify from 1 – 65535 seconds. The default is 120 seconds.
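The following added example (not part of the Dell guide) folds the mac-session-aging commands described above into the resulting aging state and the number of seconds of silence after which a blocked Client MAC address ages out. It assumes the commands appear in the saved configuration exactly as typed, that later lines override earlier ones, and that aging is enabled for both session types unless configured otherwise; effective_aging and SAMPLE_CONFIG are hypothetical names.

```python
import re

HW_AGING_SECONDS = 70      # fixed hardware aging period, from the guide
DEFAULT_MAX_AGE = 120      # default software aging period, from the guide

def effective_aging(config_text):
    """Fold mac-session-aging lines (later lines override earlier ones) into one state."""
    state = {"permitted_aging": True, "denied_aging": True, "max_age": DEFAULT_MAX_AGE}
    for raw in config_text.splitlines():
        m = re.match(r"\s*(no\s+)?mac-session-aging\b\s*(.*)$", raw)
        if not m:
            continue                      # unrelated configuration line
        negated, args = bool(m.group(1)), m.group(2).split()
        if not args:                      # shortcut form: both session types at once
            state["permitted_aging"] = state["denied_aging"] = not negated
        elif args[0] == "max-age" and negated:
            state["max_age"] = DEFAULT_MAX_AGE   # assumption: "no" restores the default
        elif args[0] == "max-age":
            if len(args) != 2 or not args[1].isdigit() or not 1 <= int(args[1]) <= 65535:
                raise ValueError(f"max-age must be 1-65535 seconds: {raw.strip()!r}")
            state["max_age"] = int(args[1])
        elif args == ["no-aging", "permitted-mac-only"]:
            state["permitted_aging"] = negated
        elif args == ["no-aging", "denied-mac-only"]:
            state["denied_aging"] = negated
            if not negated:
                state["permitted_aging"] = True   # per the guide's NOTE
        else:
            raise ValueError(f"unrecognised option: {raw.strip()!r}")
    # Seconds of silence before a blocked MAC ages out. None means it never ages out
    # (assumption: with denied aging disabled, the session has to be cleared manually).
    state["blocked_ageout_seconds"] = (
        HW_AGING_SECONDS + state["max_age"] if state["denied_aging"] else None)
    return state

# Constructed sample input, not taken from a real device.
SAMPLE_CONFIG = """\
mac-session-aging no-aging permitted-mac-only
mac-session-aging max-age 180
"""

if __name__ == "__main__":
    print(effective_aging(SAMPLE_CONFIG))
```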

Clearing a dot1x-mac-session for a MAC address
You can clear the dot1x-mac-session for a specified MAC address, so that the Client with that MAC
address can be re-authenticated by the RADIUS server.
Example
PowerConnect# clear dot1x mac-session 00e0.1234.abd4
Syntax: clear dot1x mac-session <mac-address>