xStack® DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch CLI Manual
DGS-3627:admin# config 802.1x authorization attributes radius disable
Command: config 802.1x authorization attributes radius disable
Success.
DGS-3627:admin#
show 802.1x
Purpose
Used to display the 802.1X state or configurations.
Syntax
show 802.1x { [ auth_state | auth_configuration ] ports { < portlist > } }
Description
The show 802.1x command displays the 802.1X state or configurations.
Parameters
auth_state - Used to display 802.1X authentication state machine of some or all ports.
auth_configuration - Used to display 802.1X configurations of some or all ports.
portlist - Specifies a range of ports to be displayed. If no port is specified, all ports will be displayed.
If no parameter is specified, the 802.1X system configurations will be displayed.
Restrictions
None.
Example usage:
To display the 802.1X states:
DGS-3627:admin# show 802.1x auth_state ports 1-4
Command: show 802.1x auth_state ports 1-4
Status: A – Authorized; U – Unauthorized; (P): Port-Based 802.1X
Port  MAC Address        PAE State       Backend State  Status  VID   Priority
----  -----------------  --------------  -------------  ------  ----  --------
1     00-00-00-00-00-01  Authenticated   Idle           A       4004  3
1     00-00-00-00-00-02  Authenticated   Idle           A       1234  -
1     00-00-00-00-00-04  Authenticating  Response       U       -     -
2     - (P)              Authenticating  Request        U       -     -
3     - (P)              Connecting      Idle           U       -     -
4     - (P)              Held            Idle           U       -     -
Total Authenticating Hosts : 2
Total Authenticated Hosts  : 2
DGS-3627:admin#
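The state table above can be checked automatically once it has been captured from a session. The following Python is an added example, not part of the manual: it parses rows in that layout and reports ports in the Held state and authorized hosts whose VID differs from an inventory. The sample text, the EXPECTED_VID inventory and all function names are assumptions made for the illustration.

```python
import re

# Constructed sample in the layout of the "show 802.1x auth_state" table.
SAMPLE_AUTH_STATE = """\
Port  MAC Address        PAE State       Backend State  Status  VID   Priority
----  -----------------  --------------  -------------  ------  ----  --------
1     00-00-00-00-00-01  Authenticated   Idle           A       4004  3
1     00-00-00-00-00-02  Authenticated   Idle           A       1234  -
1     00-00-00-00-00-04  Authenticating  Response       U       -     -
2     - (P)              Authenticating  Request        U       -     -
4     - (P)              Held            Idle           U       -     -
"""

# Hypothetical inventory: MAC address -> VLAN ID the host is expected in.
EXPECTED_VID = {"00-00-00-00-00-01": "4004", "00-00-00-00-00-02": "100"}

# One table row; assumes single-word PAE and backend state names.
ROW = re.compile(
    r"^\s*(?P<port>\d+(?::\d+)?)\s+"
    r"(?P<mac>(?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2}|-)\s*(?P<pb>\(P\))?\s+"
    r"(?P<pae>\S+)\s+(?P<backend>\S+)\s+(?P<status>[AU])\s+"
    r"(?P<vid>\S+)\s+(?P<prio>\S+)\s*$"
)

def parse_auth_state(text):
    """Return one dict per host/port row; header and rule lines are skipped."""
    return [m.groupdict() for m in map(ROW.match, text.splitlines()) if m]

def review(rows, expected_vid):
    """Return (port, subject, finding) tuples worth an operator's attention."""
    out = []
    for r in rows:
        subject = r["mac"] if r["mac"] != "-" else "port-based"
        if r["pae"] == "Held":
            # IEEE 802.1X: the PAE sits in Held for quiet_period after a failure.
            out.append((r["port"], subject, "authentication failed (Held)"))
        elif r["status"] == "A" and r["mac"] != "-":
            want = expected_vid.get(r["mac"])
            if want is None:
                out.append((r["port"], subject, "authorized host not in inventory"))
            elif r["vid"] != want:
                out.append((r["port"], subject, f"VID {r['vid']}, expected {want}"))
    return out
```

Calling review(parse_auth_state(SAMPLE_AUTH_STATE), EXPECTED_VID) returns the VID mismatch on port 1 and the Held entry on port 4.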
To display the 802.1X system level configurations:
DGS-3627:admin# show 802.1x
Command: show 802.1x
802.1X                  : Enabled
Authentication Mode     : Port_based
Authentication Protocol : Radius_Eap
Forward EAPOL PDU       : Enabled
Max Users               : no_limit
RADIUS Authorization    : Enabled
DGS-3627:admin#
To display the 802.1X port level configurations:
DGS-3627:admin# show 802.1x auth_configuration ports 1:1
Command: show 802.1x auth_configuration ports 1:1
Port number               : 1:1
Capability                : None
AdminCrlDir               : Both
OpenCrlDir                : Both
Port Control              : Auto
QuietPeriod               : 60 sec
TxPeriod                  : 30 sec
SuppTimeout               : 30 sec
ServerTimeout             : 30 sec
MaxReq                    : 2 times
ReAuthPeriod              : 3600 sec
ReAuthenticate            : Disabled
Forward EAPOL PDU On Port : Enabled
Max Users On Port         : 10
DGS-3627:admin#
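The port-level output above is the place to confirm that a port actually enforces 802.1X. The following Python is an added example, not part of the manual: it parses captured output for several ports and flags a Capability of None, a Port Control other than Auto, and re-authentication that is disabled or slower than a site policy. The sample text, the MAX_REAUTH_SEC policy value and the "Authenticator" and "ForceAuthorized" display strings are assumptions.

```python
import re

# Constructed sample in the layout of "show 802.1x auth_configuration".
# The "Authenticator" and "ForceAuthorized" display strings are assumptions.
SAMPLE_AUTH_CONFIG = """\
Port number    : 1:1
Capability     : None
Port Control   : Auto
ReAuthenticate : Disabled
Port number    : 1:2
Capability     : Authenticator
Port Control   : ForceAuthorized
ReAuthenticate : Enabled
Port number    : 1:3
Capability     : Authenticator
Port Control   : Auto
ReAuthPeriod   : 86400 sec
ReAuthenticate : Enabled
"""

FIELD = re.compile(r"^\s*([^:]+?)\s*:\s*(.+?)\s*$")
MAX_REAUTH_SEC = 3600  # hypothetical site policy, not a value from the manual

def parse_ports(text):
    """Split the output into one dict of fields per 'Port number' block."""
    ports = []
    for m in filter(None, map(FIELD.match, text.splitlines())):
        key, value = m.groups()
        if key == "Port number":
            ports.append({key: value})
        elif ports:
            ports[-1][key] = value
    return ports

def audit_port(cfg):
    """Return findings for one port, using only fields shown in the output."""
    issues = []
    if cfg.get("Capability") == "None":
        issues.append("capability none: 802.1X authentication disabled")
    if cfg.get("Port Control") != "Auto":
        issues.append("port control not Auto: state ignores authentication")
    if cfg.get("ReAuthenticate") != "Enabled":
        issues.append("re-authentication disabled")
    elif int(cfg.get("ReAuthPeriod", "0").split()[0]) > MAX_REAUTH_SEC:
        issues.append("re-authentication period exceeds policy")
    return issues

def audit(text):
    return {p["Port number"]: audit_port(p) for p in parse_ports(text)}
```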
config 802.1x capability
Purpose
Used to configure the port capability.
Syntax
config 802.1x capability ports [ < portlist > | all ] [ authenticator | none ]
Description
The config 802.1x capability command configures the port capability.
Parameters
portlist - Specifies a range of ports to be configured.
all - Specifies all ports to be configured.
authenticator - The port that wishes to enforce authentication before allowing access to services that are accessible via that port adopts the authenticator role.
none - Disable authentication on the specified ports.
Restrictions
Only Administrator and Operator-level users can issue this command.
Example usage:
To configure the port capability:
DGS-3627:admin# config 802.1x capability ports 1:1-1:10 authenticator
Command: config 802.1x capability ports 1:1-1:10 authenticator
Success.
DGS-3627:admin#
config 802.1x max_users
Purpose
Used to configure the maximum number of users that can be learned via 802.1X
authentication.
Syntax
config 802.1x max_users [<value 1 – 4000> | no_limit]
Description
The setting is a global limit on the maximum number of users that can be learned via
802.1X authentication.
In addition to the global limit, the maximum number of users per port is also limited. It is specified by
the config 802.1x auth_parameter command.
Parameters
max_users - Specifies the maximum number of users. The range is 1 to 4000. By default, there is no limit on the maximum users.
Restrictions
Only Administrator and Operator-level users can issue this command.
Example usage:
To configure 802.1X number of users to be limited to 200:
DGS-3627:admin# config 802.1x max_users 200
Command: config 802.1x max_users 200
Success.
DGS-3627:admin#
config 802.1x auth_parameter
Purpose
Used to configure the parameters that control the operation of the authenticator associated
with a port.
Syntax
config 802.1x auth_parameter ports [ <portlist> | all ] [ default | { direction [ both | in ] | port_control [ force_unauth | auto | force_auth ] | quiet_period <sec 0-65535> | tx_period <sec 1-65535> | supp_timeout <sec 1-65535> | server_timeout <sec 1-65535> | max_req <value 1-10> | reauth_period <sec 1-65535> | enable_reauth [ enable | disable ] | max_users [ <value 1 – 128> | no_limit ] } (1) ]
Description
The config 802.1x auth_parameter command configures the parameters that control the
operation of the authenticator associated with a port.
Parameters
portlist - Specifies a range of ports to be configured.
all - All ports.
default - Sets all parameters to their default values.
direction - Sets the direction of access control.
both - For bidirectional access control.
in - For unidirectional access control.
port_control - You can force a specific port to be unconditionally authorized or unauthorized by setting port_control to force_authorized or force_unauthorized. If port_control is auto, the controlled port will reflect the outcome of authentication.
force_authorized - Force a specific port to be unconditionally authorized.
auto - The controlled port will reflect the outcome of authentication.
force_unauthorized - Force a specific port to be unconditionally unauthorized.
quiet_period - The initialization value of the quietWhile timer. The default value is 60 seconds and can be any value from 0 to 65535.
tx_period - The initialization value of the txWhen timer. The default value is 30 seconds and can be any integer value from 1 to 65535.
supp_timeout - The initialization value of the aWhile timer when timing out the supplicant. Its default value is 30 seconds and can be any integer value from 1 to 65535.
server_timeout - The initialization value of the aWhile timer when timing out the authentication server. Its default value is 30 seconds and can be any integer value from 1 to 65535.
max_req - The maximum number of times that the authentication PAE state machine will retransmit an EAP Request packet to the supplicant. Its default value is 2 and can be any integer from 1 to 10.
reauth_period - A nonzero number of seconds used as the re-authentication timer. The default value is 3600.
enable_reauth - You can enable or disable the re-authentication mechanism for a specific port.
max_users - Specifies the per-port maximum number of users. The range is 1 to 128. The default value is 16.
Restrictions
Only Administrator and Operator-level users can issue this command.
Example usage:
To configure the parameters that control the operation of the authenticator associated with a port:
DGS-3627:admin# config 802.1x auth_parameter ports 1:1-1:20 direction both
Command: config 802.1x auth_parameter ports 1:1-1:20 direction both
Success.
DGS-3627:admin#
config 802.1x auth_mode
Purpose
Used to configure 802.1X authentication mode.
Syntax
config 802.1x auth_mode [ port_based | mac_based ]
Description
The config 802.1x auth_mode command configures the authentication mode.
Parameters
port_based - Configure the authentication as port based mode.
mac_based - Configure the authentication as MAC based mode.
Restrictions
Only Administrator and Operator-level users can issue this command.
Example usage:
To configure the authentication mode:
DGS-3627:admin# config 802.1x auth_mode port_based
Command: config 802.1x auth_mode port_based
Success.
DGS-3627:admin#
config 802.1x init
Purpose
Used to initialize the authentication state machine of some or all ports.
Syntax
config 802.1x init [ port_based ports [ < portlist | all > ] | mac_based ports [ < portlist > | all ] { mac_address < macaddr > }]
Description
The config 802.1x init command is used to initialize the authentication state machine of some or
all ports.
Parameters
port_based - Configure the authentication as port based mode.
mac_based - Configure the authentication as MAC based mode.
portlist - Specifies a range of ports to be configured.
all - All ports.
mac_address - MAC address of client.
Restrictions
Only Administrator and Operator-level users can issue this command.
Example usage:
To initialize the authentication state machine of some or all ports:
DGS-3627:admin# config 802.1x init port_based ports all
Command: config 802.1x init port_based ports all
Success.
DGS-3627:admin#
config 802.1x reauth
Purpose
Used to re-authenticate the device connected to the port.
Syntax
config 802.1x reauth [ port_based ports [ < portlist | all >]| mac_based ports [ < portlist > | all ] { mac_address < macaddr > }]
Description
The config 802.1x reauth command re-authenticates the device connected to the port. During
the re-authentication period, the port status remains authorized until re-authentication fails.
Parameters
port_based - Configure the authentication as port based mode.
mac_based - Configure the authentication as MAC based mode.
portlist - Specifies a range of ports to be configured.
all - All ports.
mac_address - MAC address of client.
Restrictions
Only Administrator and Operator-level users can issue this command.
Example usage:
To re-authenticate the device connected to the port:
DGS-3627:admin# config 802.1x reauth port_based ports all
Command: config 802.1x reauth port_based ports all
Success.
DGS-3627:admin#
create 802.1x guest_vlan
Purpose
Used to assign a static VLAN to be guest VLAN.
Syntax
create 802.1x guest_vlan { < vlan_name 32 > }
Description
The create 802.1x guest_vlan command assigns a static VLAN to be the guest VLAN.
The VLAN assigned as the guest VLAN must already exist.
The VLAN assigned as the guest VLAN cannot be deleted.
Parameters
<vlan_name 32> - Specify the static VLAN to be guest VLAN.
Restrictions
Only Administrator and Operator-level users can issue this command.
Example usage:
