4000 Router Series Security Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP MSR2003 AC Router

Setting the port authorization state

The port authorization state determines whether the client is granted access to the network. You can

control the authorization state of a port by using the dot1x port-control command and the following

keywords:

• authorized-force—Places the port in the authorized state, enabling users on the port to access the

network without authentication.

• unauthorized-force—Places the port in the unauthorized state, denying any access requests from

users on the port.

• auto—Places the port initially in the unauthorized state to allow only EAPOL packets to pass. After

a user passes authentication, sets the port in the authorized state to allow access to the network. You

can use this option in most scenarios.

To set the authorization state of a port:

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Enter Layer 2 Ethernet

interface view.

interface interface-type

interface-number

N/A

3. Set the port authorization

state.

dot1x port-control { authorized-force |

auto | unauthorized-force }

By default, auto applies.

Specifying an access control method

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Enter Layer 2 Ethernet

interface view.

interface interface-type

interface-number

N/A

3. Specify an access control

method.

dot1x port-method { macbased |

portbased }

By default, MAC-based access

control applies.

Setting the maximum number of concurrent 802.1X

users on a port

Perform this task to prevent the system resources from being overused.

To set the maximum number of concurrent 802.1X users on a port:

Ste

Command

Remarks

1. Enter system view.

system-view N/A