4000 Router Series Security Command Reference

Predefined user roles

network-admin

Usage guidelines

The multicast trigger function enables the device to act as the initiator and periodically multicast Identify

EAP-Request packets out of a port to detect 802.1X clients and trigger authentication. You can use the

dot1x timer tx-period command to set the interval for sending multicast Identify EAP-Request packets.

Disable the multicast trigger in a wireless LAN. Wireless clients and the wireless module of the network

access device can both initiate 802.1X authentication.

Examples

# Enable the multicast trigger function on Ethernet 1/1.

<Sysname> system-view

[Sysname] interface ethernet 1/1

[Sysname-Ethernet1/1] dot1x multicast-trigger

Related commands

• display dot1x

• dot1x timer tx-period

• dot1x unicast-trigger

dot1x port-control

Use dot1x port-control to set the authorization state for the port.

Use undo dot1x port-control to restore the default.

Syntax

dot1x port-control { authorized-force | auto | unauthorized-force }

undo dot1x port-control

Default

The default port authorization state is auto.

Views

Layer 2 Ethernet interface view

Predefined user roles

network-admin

Parameters

authorized-force: Places the port in the authorized state, enabling users on the port to access the network

without authentication.

auto: Places the port initially in the unauthorized state to allow only EAPOL packets to pass, and after a

user passes authentication, sets the port in the authorized state to allow access to the network. You can

use this option in most scenarios.

unauthorized-force: Places the port in the unauthorized state, denying any access requests from users on

the port.