set dot1x auth-config

Use this command to configure 802.1X authentication.

Syntax

set dot1x auth-config {[authcontrolled-portcontrol {auto | forced-auth | forced-unauth}] [keytxenabled{false | true}] [maxreq value] [quietperiod value] [reauthenabled {false | true}] [reauthperiod value] [servertimeout timeout] [supptimeout timeout] [txperiod value]} [port-string]

Parameters

authcontrolled- portcontrol auto \| forced-auth \| forced-unauth	Specifies the EAPOL port control mode as: auto - Auto authorization mode (default). The Extreme Networks system will only forward frames received on a port which are considered authenticated according to the state of the corresponding access entity. forced-auth - Forced authorized mode, which effectively disables 802.1X authentication on the port, and allows all frames received on the port to be forwarded. forced-unauth - Forced unauthorized mode, which effectively disables 802.1X authentication on the port. When 802.1X is the only active authentication agent on a given port, this setting means all frames received will be dropped.
keytxenabled false \| true	Enables (true) or disables (false) 802.1X key transmission by the authenticator PAE state machine. Default value is false.
maxreq `value`	Specifies the maximum number of authentication requests allowed by the backend authentication state machine. Valid values are 1 - 10. The default value is 2.
quietperiod `value`	Specifies the time (in seconds) following a failed authentication before another attempt can be made by the authenticator PAE state machine. Valid values are 0 - 65535 seconds. The default value is 60 seconds.
reauthenabled false \| true	Enables (true) or disables (false) reauthentication control of the reauthentication timer state machine. The default value is false.
reauthperiod `value`	Specifies the time lapse (in seconds) between attempts by the reauthentication timer state machine to reauthenticate a port. Valid values are 0 - 65535. The default value is 3600.
servertimeout `timeout`	Specifies a timeout period (in seconds) for the authentication server, used by the backend authentication state machine. Valid values are 1 - 300. The default Value is 30 seconds.
supptimeout `timeout`	Specifies a timeout period (in seconds) for the authentication supplicant used by the backend authentication state machine. Valid values are 1 - 300. The default value is 30 seconds.
txperiod `value`	Specifies the period (in seconds) which passes between authenticator PAE state machine EAP transmissions. Valid values are 1 - 65535. The default value is 30 seconds.
`port-string`	(Optional) Limits the configuration of desired settings to specified port(s).

Defaults

If port-string is not specified, authentication parameters will be set on all ports

Mode

All command modes.

Examples

This example shows how to set EAPOL port control to forced authorized mode on ports ge.1.1-5, which disables authentication on these ports:

System(rw)->set dot1x auth-config authcontrolled-portcontrol forced-auth ge.1.1-5

This example shows how to enable reauthentication control on ports ge.1.1-3:

System(rw)->set dot1x auth-config reathenabled true ge.1.1-3

This example shows how to set the 802.1X quiet period to 120 seconds on ports ge.1.1-3:

System(rw)->set dot1x auth-config quietperiod 120 ge.1.1-3

Published May 2016prev | next

Email this topic

Print this page Print this page

Leave feedback Feedback