User Manual for the NETGEAR 7300S Series Layer 3 Managed Switch Software
Security Commands
9-5
202-10088-01, March 2005
show port-security violation
This command displays the source MAC address of the last packet that was discarded on a locked
port.
Format
show port-security violation <interface>
Mode
Privileged EXEC
MAC Address
MAC Address of discarded packet on locked port.
Port Based Network Access Control (IEEE 802.1X) Commands
This section provides a detailed explanation of the 802.1x commands. The commands are divided
into the following groups:
Configuration commands are used to configure features and options of the switch. For every
configuration command there is a show command that will display the configuration setting.
Show commands are used to display switch settings, statistics and other information.
authentication login
This command creates an authentication login list. The <listname> is any character string and is
not case sensitive. Up to 10 authentication login lists can be configured on the switch. When a list
is created, the authentication method “local” is set as the first method.
When the optional parameters “Option1”, “Option2” and/or “Option3” are used, an ordered list of
methods is set in the authentication login list. If the authentication login list does not exist, a new
authentication login list is first created and then the authentication methods are set in the
authentication login list. The maximum number of authentication login methods is three. The
possible method values are local, radius and reject.
The value of local indicates that the user’s locally stored ID and password are used for
authentication. The value of radius indicates that the user’s ID and password will be authenticated
using the RADIUS server. The value of reject indicates the user is never authenticated.
To authenticate a user, the authentication methods in the user’s login will be attempted in order
until an authentication attempt succeeds or fails.
Note: The default login list included with the default configuration cannot be changed.
Format
authentication login <listname> [method1 [method2 [method3]]]
Mode
Global Config
no authentication login
This command deletes the specified authentication login list. The attempt to delete will fail if any
of the following conditions are true:
The login list name is invalid or does not match an existing authentication login list
The specified authentication login list is assigned to any user or to the non configured user for
any component
The login list is the default login list included with the default configuration and was not
created using ‘authentication login’. The default login list cannot be deleted.
Format
no authentication login <listname>
Mode
Global Config
clear dot1x statistics
This command resets the 802.1x statistics for the specified port or for all ports.
Format
clear dot1x statistics { <slot/port> | all }
Mode
Privileged EXEC
clear radius statistics
This command is used to clear all RADIUS statistics.
Format
clear radius statistics
Mode
Privileged EXEC
dot1x defaultlogin
This command assigns the authentication login list to use for non-configured users for 802.1x port
security. This setting is over-ridden by the authentication login list assigned to a specific user if the
user is configured locally. If this value is not configured, users will be authenticated using local
authentication only.
Format
dot1x defaultlogin <listname>
Mode
Global Config
dot1x initialize
This command begins the initialization sequence on the specified port. This command is only valid
if the control mode for the specified port is 'auto'. If the control mode is not 'auto' an error will be
returned.
Format
dot1x initialize <slot/port>
Mode
Privileged EXEC
dot1x login
This command assigns the specified authentication login list to the specified user for 802.1x port
security. The <user> parameter must be a configured user and the <listname> parameter must be a
configured authentication login list.
Format
dot1x login <user> <listname>
Mode
Global Config
dot1x max-req
This command sets the maximum number of times the authenticator state machine on this port will
transmit an EAPOL EAP Request/Identity frame before timing out the supplicant. The <count>
value must be in the range 1 - 10.
Default
2
Format
dot1x max-req <count>
Mode
Interface Config
no dot1x max-req
This command sets the maximum number of times the authenticator state machine on this port will
transmit an EAPOL EAP Request/Identity frame before timing out the supplicant.
Format
no dot1x max-req
Mode
Interface Config
dot1x port-control
This command sets the authentication mode to be used on the specified port. The control mode
may be one of the following.
force-unauthorized: The authenticator PAE unconditionally sets the controlled port to
unauthorized.
force-authorized: The authenticator PAE unconditionally sets the controlled port to authorized.
auto: The authenticator PAE sets the controlled port mode to reflect the outcome of the
authentication exchanges between the supplicant, authenticator and the authentication server.
Default
auto
Format
dot1x port-control {force-unauthorized | force-authorized | auto}
Mode
Interface Config
no dot1x port-control
This command sets the authentication mode to be used on the specified port to 'auto'.
Format
no dot1x port-control
Mode
Interface Config
dot1x port-control All
This command sets the authentication mode to be used on all ports. The control mode may be one
of the following.
force-unauthorized: The authenticator PAE unconditionally sets the controlled port to
unauthorized.
force-authorized: The authenticator PAE unconditionally sets the controlled port to authorized.
auto: The authenticator PAE sets the controlled port mode to reflect the outcome of the
authentication exchanges between the supplicant, authenticator and the authentication server.
Default
auto
Format
dot1x port-control all {force-unauthorized | force-authorized | auto}
Mode
Global Config
no dot1x port-control All
This command sets the authentication mode to be used on all ports to 'auto'.
Format
no dot1x port-control all
Mode
Global Config
dot1x re-authenticate
This command begins the re-authentication sequence on the specified port. This command is only
valid if the control mode for the specified port is 'auto'. If the control mode is not 'auto' an error
will be returned.
Format
dot1x re-authenticate <slot/port>
Mode
Privileged EXEC
dot1x re-authentication
This command enables re-authentication of the supplicant for the specified port.
Default
disabled
Format
dot1x re-authentication
Mode
Interface Config
no dot1x re-authentication
This command disables re-authentication of the supplicant for the specified port.
Format
no dot1x re-authentication
Mode
Interface Config
dot1x system-auth-control
This command is used to enable the dot1x authentication support on the switch. By default, the
authentication support is disabled. While disabled, the dot1x configuration is retained and can be
changed, but is not activated.
Default
disabled
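
An added example, not part of the NETGEAR manual: a Python check that reads a saved configuration and reports the conditions this section describes as leaving 802.1X inactive or a port unauthenticated, using the defaults stated above (port-control auto, re-authentication disabled, system-auth-control disabled). The sample configuration is constructed; the `interface <slot/port>` ... `exit` block layout and the `known_lists` parameter are assumptions, and `no` forms are not interpreted.

```python
# Constructed sample config; the "interface <slot/port>" ... "exit" layout is assumed.
SAMPLE = """authentication login CorpAuth radius local
dot1x defaultlogin corpauth
dot1x login admin MgmtAuth
interface 0/1
dot1x port-control force-authorized
exit
interface 0/3
"""

def audit_dot1x(config_text, known_lists=()):
    """Return findings; known_lists names lists defined outside this text."""
    lists = {n.lower() for n in known_lists}   # list names are not case sensitive
    refs, ports, enabled, has_default, port = [], {}, False, False, None
    for w in filter(None, (l.lower().split() for l in config_text.splitlines())):
        if w[0] == "interface" and len(w) == 2:
            port = w[1]
            ports.setdefault(port, {"mode": "auto", "reauth": False})  # defaults
        elif w[0] == "exit":
            port = None
        elif w[:2] == ["authentication", "login"] and len(w) >= 3:
            lists.add(w[2])
        elif w == ["dot1x", "system-auth-control"]:
            enabled = True
        elif w[:2] == ["dot1x", "defaultlogin"] and len(w) == 3:
            has_default = True
            refs.append(w[2])
        elif w[:2] == ["dot1x", "login"] and len(w) == 4:
            refs.append(w[3])
        elif w[:3] == ["dot1x", "port-control", "all"] and len(w) == 4:
            ports["all"] = {"mode": w[3], "reauth": None}
        elif w[:2] == ["dot1x", "port-control"] and len(w) == 3 and port:
            ports[port]["mode"] = w[2]
        elif w == ["dot1x", "re-authentication"] and port:
            ports[port]["reauth"] = True
    findings = []
    if not enabled:
        findings.append("802.1X inactive: dot1x system-auth-control not set")
    if not has_default:
        findings.append("no dot1x defaultlogin: non-configured users use local only")
    for name in refs:
        if name not in lists:
            findings.append(f"login list '{name}' referenced but not defined")
    for p, s in ports.items():
        if s["mode"] == "force-authorized":
            findings.append(f"port {p}: force-authorized, no authentication required")
        elif s["mode"] == "auto" and s["reauth"] is False:
            findings.append(f"port {p}: re-authentication disabled")
    return findings
```

Pass the name of the switch's built-in default login list in `known_lists` if the configuration refers to it, since that list is not created with `authentication login`.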
