The dot1x port-control command sets the authorization state of an interface.
The undo dot1x port-control command restores the default authorization state of an interface.
By default, the authorization state of an interface is auto.
| Parameter | Description | Value |
|---|---|---|
| auto | Indicates the auto identification mode. In this mode, an interface is initially in Unauthorized state and only allows users to send and receive EAPOL packets. Users cannot access network resources. After the users are authenticated, the interface becomes authorized and allows the users to access network resources. | - |
| authorized-force | Indicates the forcible authorization mode. In this mode, the interface is always in Authorized state, does not handle EAPOL packets, and allows users to access network resources without authentication or authorization. | - |
| unauthorized-force | Indicates the forcible unauthorized mode. In this mode, the interface is always in Unauthorized state, does not handle EAPOL packets, and prohibits users from accessing network resources. | - |
Usage Scenario
The auto mode is recommended because, in this mode, only authenticated users can access network resources. To trust all users on an interface without authentication, configure the authorized-force mode. To deny all users on an interface access to network resources for security purposes, configure the unauthorized-force mode.
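Because authorized-force grants access without any authentication, it is worth checking exported configurations for profiles that are not in auto mode. The following is an added example, not part of the original documentation: it computes the effective authorization state per 802.1X access profile, applying the auto default and the undo form. The sample text is constructed, and the `dot1x-access-profile name <name>` header line and one-space indentation are assumptions about how the configuration is laid out.

```python
import re

# Constructed sample. The "dot1x-access-profile name <name>" header line and the
# one-space indentation of profile lines are assumptions about the config layout.
SAMPLE_CONFIG = """\
dot1x-access-profile name office
 dot1x port-control auto
dot1x-access-profile name printers
 dot1x port-control authorized-force
dot1x-access-profile name lab
dot1x-access-profile name quarantine
 dot1x port-control unauthorized-force
dot1x-access-profile name legacy
 dot1x port-control authorized-force
 undo dot1x port-control
"""

HEADER = re.compile(r"^dot1x-access-profile name (\S+)$")
PORT_CONTROL = re.compile(
    r"^ (undo )?dot1x port-control(?: (auto|authorized-force|unauthorized-force))?$")
DEFAULT_STATE = "auto"  # per the page, the default authorization state is auto
NOTES = {
    "authorized-force": "access granted without authentication",
    "unauthorized-force": "all access blocked; confirm this is intended",
}

def port_control_states(config_text):
    """Return {profile: effective authorization state}, applying the default."""
    states, current = {}, None
    for line in config_text.splitlines():
        line = line.rstrip()
        header = HEADER.match(line)
        if header:
            current = header.group(1)
            states[current] = DEFAULT_STATE
        elif not line.startswith(" "):
            current = None  # an unindented line ends the profile block
        elif current is not None:
            setting = PORT_CONTROL.match(line)
            if setting and setting.group(1):      # undo restores the default
                states[current] = DEFAULT_STATE
            elif setting and setting.group(2):    # explicit mode, last one wins
                states[current] = setting.group(2)
    return states

def findings(config_text):
    """List (profile, state, note) for every profile not in auto mode."""
    return [(name, state, NOTES[state])
            for name, state in port_control_states(config_text).items()
            if state != DEFAULT_STATE]

if __name__ == "__main__":
    for finding in findings(SAMPLE_CONFIG):
        print(*finding, sep=": ")
```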
Precautions
If 802.1X users on an interface have gone online, changing the authorization state in the 802.1X access profile bound to the interface will make the online 802.1X users go offline.
It is recommended that you set the authorization state of an interface in the early stage of network deployment. When the network is running properly, run the cut access-user command to disconnect all users from the interface before changing the authorization state.