(Optional) Configuring the Access Control Mode of an Interface

Context

After 802.1X authentication is enabled, the device supports two access control modes of an interface:

Interface-based mode: After the first user of the interface passes the authentication, other access users can access the network without being authenticated. However, when the authenticated user goes offline, other users can no longer access the network. The authentication scheme is applicable to group users.
MAC address-based mode: All users of the interface must be authenticated. When a user goes offline, other users can still access the network. The authentication mode is applicable to individual users.

When 802.1X authentication users are online, you cannot change the access control mode of an interface.

When MAC address-based access control is used in 802.1X authentication, ensure that the interface type is hybrid when you configure the authorization VLAN.

Procedure

Run system-view
The system view is displayed.
Configure the access control mode of an interface in the system or interface view.
- In the system view:
1. Run dot1x port-method { mac | port } interface { interface-type interface-number1 [ to interface-number2 ] } &<1-10>
  The access control mode of the interface is configured.
- In the interface view:
1. Run interface interface-type interface-number
  The interface view is displayed.
2. Run dot1x port-method { mac | port }
  The access control mode of the interface is configured.
By default, an interface uses the MAC address-based mode.