< Home

dot1x enable

Function

The dot1x enable command enables 802.1X authentication on a device.

The undo dot1x enable command disables 802.1X authentication on a device.

By default, 802.1X authentication is disabled on a device.

Format

In the system view:

dot1x enable [ interface { interface-type interface-number1 [ to interface-number2 ] } &<1-10> ]

undo dot1x enable [ interface { interface-type interface-number1 [ to interface-number2 ] } &<1-10> ]

In the interface view:

dot1x enable

undo dot1x enable

Parameters

Parameter

Description

Value

interface { interface-type interface-number1 [ to interface-number2 ] }

Enables 802.1X authentication on the specified interface of the device.

  • interface-type specifies the interface type.
  • interface-number specifies the interface number.

Global 802.1X authentication is enabled if this parameter is not specified.

-

Views

System view, Ethernet interface view, GE interface view, MultiGE interface view, XGE interface view, 25GE interface view, 40GE interface view, 100GE interface view, Eth-Trunk interface view, Port group view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The IEEE 802.1X standard (802.1X for short) is a port-based network access control protocol. You can run the dot1x enable command to enable 802.1X authentication globally and on an interface.

To make the 802.1X configuration effective on an interface, enable the global 802.1X authentication function and perform either of the following operations:
  • Run the dot1x enable command in the interface view.
  • Run the dot1x enable interface { interface-type interface-number1 [ to interface-number2 ] } &<1-10> command in the system view.

Precautions

  • All users have been disconnected before the undo operation is executed.

  • After the static MAC address entry is configured using the mac-address static mac-address interface-type interface-number vlan vlan-id command, the user corresponding to the entry cannot pass 802.1X authentication.
  • If 802.1X authentication is enabled on an interface, the following commands cannot be used on the same interface.

    Command

    Function

    mac-limit

    Sets the maximum number of MAC addresses that can be learned by an interface.

    mac-address learning disable

    Disables MAC address learning on an interface.

    port link-type dot1q-tunnel

    Sets the link type of an interface to QinQ.

    port vlan-mapping vlan map-vlan

    port vlan-mapping vlan inner-vlan

    Configures VLAN mapping on an interface.

    port vlan-stacking

    Configures selective QinQ.

    mac-vlan enable

    Enables MAC address-based VLAN assignment on an interface.

    ip-subnet-vlan enable

    Enables IP subnet-based VLAN assignment on an interface.

    user-bind ip sticky-mac

    Enables the device to generate snooping MAC entries.

Example

# Enable 802.1X authentication on GE0/0/1 in the system view.

<HUAWEI> system-view
[HUAWEI] dot1x enable
[HUAWEI] dot1x enable interface gigabitethernet 0/0/1

# Enable 802.1X authentication on GE0/0/1 in the interface view.

<HUAWEI> system-view
[HUAWEI] dot1x enable
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] dot1x enable
Parent Topic: NAC Configuration Commands (Common Mode)
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >