Administrator Guide

Security Commands 976
User Guidelines
This command has no user guidelines.
dot1x eapolflood
This command enables the flooding of received IEEE 802.1x frames in the
VLAN. Use the no form of the command to return the processing of EAPOL
frames to the default.
Syntax
dot1x eapolflood
no dot1x eapolflood
Default Configuration
By default, the switch does not forward received IEEE 802.1x frames, even if
802.1x is not enabled on the switch. This is the default behavior required by
IEEE 802.1x-2010.
Command Mode
Global Configuration mode
User Guidelines
Local processing of IEEE 802.1x frames must be disabled (no dot1x system-
auth-control) for this capability to be enabled. This capability is useful in
situations where the authenticator device is placed one or more hops away
from the authenticating host. The intervening switch will flood all received
IEEE 802.1x frames in the VLAN.
Flooding of IEEE 802.1x frames makes end stations vulnerable to a denial of
service attack should another end station record and play back certain flooded
EAPOL frames at a high rate.