Instruction Manual
Table Of Contents
- Contents
- Tables
- Preface
- Section I
- Basic Operations
- Chapter 1
- Starting a Command Line Management Session
- Chapter 2
- Basic Command Line Commands
- Chapter 3
- Basic Switch Commands
- DISABLE DHCPBOOTP
- DISABLE IP REMOTEASSIGN
- DISABLE TELNET
- ENABLE BOOTP
- ENABLE DHCP
- ENABLE IP REMOTEASSIGN
- ENABLE TELNET
- FORMAT DEVICE
- PING
- PURGE IP
- RESET SWITCH
- RESET SYSTEM
- RESTART REBOOT
- RESTART SWITCH
- SET ASYN
- SET IP INTERFACE
- SET IP ROUTE
- SET PASSWORD MANAGER
- SET PASSWORD OPERATOR
- SET SWITCH CONSOLETIMER
- SET SYSTEM
- SET SYSTEM FANCONTROL
- SET USER PASSWORD
- SHOW ASYN
- SHOW CONFIG DYNAMIC
- SHOW CONFIG INFO
- SHOW DHCPBOOTP
- SHOW IP INTERFACE
- SHOW IP ROUTE
- SHOW SWITCH
- SHOW SYSTEM
- SHOW SYSTEM FANCONTROL
- Chapter 4
- Enhanced Stacking Commands
- Chapter 5
- Simple Network Time Protocol (SNTP) Commands
- Chapter 6
- SNMPv2 and SNMPv2c Commands
- Chapter 7
- Port Parameter Commands
- ACTIVATE SWITCH PORT
- DISABLE INTERFACE LINKTRAP
- DISABLE SWITCH PORT
- DISABLE SWITCH PORT FLOW
- ENABLE INTERFACE LINKTRAP
- ENABLE SWITCH PORT
- ENABLE SWITCH PORT FLOW
- PURGE SWITCH PORT
- RESET SWITCH PORT
- RESET SWITCH PORT COUNTER
- SET SWITCH PORT
- SET SWITCH PORT RATELIMITING
- SHOW INTERFACE
- SHOW SWITCH COUNTER
- SHOW SWITCH PORT
- SHOW SWITCH PORT COUNTER
- Chapter 8
- MAC Address Table Commands
- Chapter 9
- Static Port Trunking Commands
- Chapter 10
- LACP Port Trunking Commands
- Chapter 11
- Port Mirroring Commands
- Section II
- Advanced Operations
- Chapter 12
- File System Commands
- Chapter 13
- File Download and Upload Commands
- Chapter 14
- Event Log and Syslog Server Commands
- Chapter 15
- Classifier Commands
- Chapter 16
- Access Control List Commands
- Chapter 17
- Quality of Service (QoS) Commands
- ADD QOS FLOWGROUP
- ADD QOS POLICY
- ADD QOS TRAFFICCLASS
- CREATE QOS FLOWGROUP
- CREATE QOS POLICY
- CREATE QOS TRAFFICCLASS
- DELETE QOS FLOWGROUP
- DELETE QOS POLICY
- DELETE QOS TRAFFICCLASS
- DESTROY QOS FLOWGROUP
- DESTROY QOS POLICY
- DESTROY QOS TRAFFICCLASS
- PURGE QOS
- SET QOS FLOWGROUP
- SET QOS POLICY
- SET QOS PORT
- SET QOS TRAFFICCLASS
- SHOW QOS FLOWGROUP
- SHOW QOS POLICY
- SHOW QOS TRAFFICCLASS
- Chapter 18
- Class of Service (CoS) Commands
- Chapter 19
- IGMP Snooping Commands
- Chapter 20
- Denial of Service Defense Commands
- Chapter 21
- Power Over Ethernet Commands
- Chapter 22
- Networking Stack
- Section III
- SNMPv3
- Chapter 23
- SNMPv3 Commands
- ADD SNMPV3 USER
- CLEAR SNMPV3 ACCESS
- CLEAR SNMPV3 COMMUNITY
- CLEAR SNMPV3 NOTIFY
- CLEAR SNMPV3 TARGETADDR
- CLEAR SNMPV3 VIEW
- CREATE SNMPV3 ACCESS
- CREATE SNMPV3 COMMUNITY
- CREATE SNMPV3 GROUP
- CREATE SNMPV3 NOTIFY
- CREATE SNMPV3 TARGETADDR
- CREATE SNMPV3 TARGETPARAMS
- CREATE SNMPV3 VIEW
- DELETE SNMPV3 USER
- DESTROY SNMPv3 ACCESS
- DESTROY SNMPv3 COMMUNITY
- DESTROY SNMPv3 GROUP
- DESTROY SNMPv3 NOTIFY
- DESTROY SNMPv3 TARGETADDR
- DESTROY SNMPv3 TARGETPARMS
- DESTROY SNMPV3 VIEW
- PURGE SNMPV3 ACCESS
- PURGE SNMPV3 COMMUNITY
- PURGE SNMPV3 NOTIFY
- PURGE SNMPV3 TARGETADDR
- PURGE SNMPV3 VIEW
- SET SNMPV3 ACCESS
- SET SNMPV3 COMMUNITY
- SET SNMPV3 GROUP
- SET SNMPV3 NOTIFY
- SET SNMPV3 TARGETADDR
- SET SNMPV3 TARGETPARAMS
- SET SNMPV3 USER
- SET SNMPV3 VIEW
- SHOW SNMPV3 ACCESS
- SHOW SNMPV3 COMMUNITY
- SHOW SNMPv3 GROUP
- SHOW SNMPV3 NOTIFY
- SHOW SNMPV3 TARGETADDR
- SHOW SNMPV3 TARGETPARAMS
- SHOW SNMPV3 USER
- SHOW SNMPV3 VIEW
- Section IV
- Spanning Tree Protocols
- Chapter 24
- Spanning Tree Protocol Commands
- Chapter 25
- Rapid Spanning Tree Protocol Commands
- Chapter 26
- Multiple Spanning Tree Protocol Commands
- Section V
- Virtual LANs
- Chapter 27
- Port-based, Tagged, and Multiple Mode VLAN Commands
- Chapter 28
- GARP VLAN Registration Protocol Commands
- Chapter 29
- Protected Ports VLAN Commands
- Section VI
- Port Security
- Chapter 30
- MAC Address-based Port Security Commands
- Chapter 31
- 802.1x Port-based Network Access Control Commands
- Section VII
- Management Security
- Chapter 32
- Web Server Commands
- Chapter 33
- Encryption Key Commands
- Chapter 34
- Public Key Infrastructure (PKI) Certificate Commands
- Chapter 35
- Secure Sockets Layer (SSL) Commands
- Chapter 36
- Secure Shell (SSH) Commands
- Chapter 37
- TACACS+ and RADIUS Commands
- Chapter 38
- Management ACL Commands
- Index
Chapter 31: 802.1x Port-based Network Access Control Commands
564 Section VI: Port Security
Examples
The following command sets ports 4 to 6 to the authenticator role. The
authentication method is set to 802.1x, meaning that the supplicants must
have 802.1x client software and provide a username and password, either
automatically or manually, when logging on and during reauthentications.
The operating mode is set to Single and the piggy back mode to disabled.
At these settings, only one supplicant can use each port. After a supplicant
logs on, access by any other client to the same port is denied:
set portaccess=8021x port=4-6 role=authenticator mode=single
piggyback=disabled
The next command is identical to the previous example, except the
authentication method is MAC address-based, meaning the authenticator
ports use the MAC addresses of the supplicants as the usernames and
passwords. With MAC address-based authentication, an authenticator
port automatically extracts the MAC address from the initial frames
received from a supplicant and sends it to the RADIUS server. The
supplicants do not need 802.1x client software. Again, as in the previous
example, since the operating mode is Single and the piggy back mode is
disabled only one supplicant can use each port.
set portaccess=macbased port=4-6 role=authenticator
mode=single piggyback=disabled
Note
The remaining examples are limited to the 802.1x authentication
method, but apply equally to the MAC address-based authentication
method.
The following command sets port 12 to the authenticator role and the
operating mode to Single. The difference between this and the previous
example is the piggy back mode is enabled. This configuration is
appropriate when an authenticator port is supporting multiple clients, such
as when a port is connected to an Ethernet hub, and you do not want to
give each supplicant a separate username and password combination on
the RADIUS server. With the piggy back mode enabled, all of the clients
connected to the port can access it after one supplicant logs on:
set portaccess=8021x port=12 role=authenticator mode=single
piggyback=enabled
The following command sets port 22 to the authenticator role and the
operating mode to Multiple. This configuration is also appropriate where
there is more than one supplicant on a port. But an authenticator port in
the Multiple mode requires that all supplicants have their own username
and password combinations on the RADIUS server and that they log on
before they can use the authenticator port on the switch: