< Home

authentication control-point

Function

The authentication control-point command configures an interface as the control point.

The undo authentication control-point command restores the default setting.

By default, an interface does not function as a control point.

Format

authentication control-point [ open ]

undo authentication control-point

Parameters

Parameter

Description

Value

open

Enables the forwarding function of the control point.

-

Views

VLANIF interface view, Ethernet interface view, GE interface view, MultiGE interface view, XGE interface view, 25GE interface view, 40GE interface view, 100GE interface view, Eth-Trunk interface view, port group view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When policy association is configured, the interface on an authentication control device is configured as the control point. If the open parameter is configured, the control point directly forwards user traffic. If the open parameter is not configured, the control point manages the forwarding rights for user traffic through NAC authentication.

Precautions

  • This command is supported only on authentication control devices.

  • When the VLANIF interface is configured as the NAC authentication interface, the VLANIF interface and its mapping physical interface must be configured as control points. However, NAC authentication cannot be configured on the physical interface. The open parameter cannot be configured for a VLANIF interface.

  • When the interface below functions as the control point, it can only directly forward user traffic. That is, only the authentication control-point open command can be configured.
    • An interface on the cards except LE1D2S04SEC0 card, LE1D2X32SEC0 card, LE1D2H02QEC0 card, and X series cards
    • An Eth-Trunk interface containing interfaces on the cards except LE1D2S04SEC0 card, LE1D2X32SEC0 card, LE1D2H02QEC0 card, and X series
    • An interface on the S6720-SI, S6720S-SI, S6720-EI or S6720S-EI
    • An Eth-Trunk interface containing interfaces on the S6720-SI, S6720S-SI, S6720-EI or S6720S-EI

Example

# Configure GE0/0/1 as the control point.

<HUAWEI> system-view
[HUAWEI] interface gigabitethernet0/0/1
[HUAWEI-GigabitEthernet0/0/1] authentication control-point
Parent Topic: Policy Association Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >