dot1x port-method

Function

The dot1x port-method command sets the 802.1X access control method of an interface.

The undo dot1x port-method command sets the default 802.1X access control method of an interface.

By default, 802.1X access control on an interface is based on MAC addresses.

Format

In the system view:

dot1x port-method { mac | port } interface { interface-type interface-number1 [ to interface-number2 ] } &<1-10>

undo dot1x port-method interface { interface-type interface-number1 [ to interface-number2 ] } &<1-10>

In the interface view:

dot1x port-method { mac | port }

undo dot1x port-method

Parameters

Parameter	Description	Value
mac	Indicates that users are authenticated based on their MAC addresses.	-
port	Indicates that users are authenticated based on their access interfaces.	-
interface { interface-type interface-number1 [ to interface-number2 ] }	Indicates the interface type and number. interface-type specifies the interface type. interface-number specifies the interface number.	-

Parameter

Description

Value

mac

Indicates that users are authenticated based on their MAC addresses.

port

Indicates that users are authenticated based on their access interfaces.

interface { interface-type interface-number1 [ to interface-number2 ] }

Indicates the interface type and number.

interface-type specifies the interface type.
interface-number specifies the interface number.

Views

System view, Ethernet interface view, GE interface view, MultiGE interface view, XGE interface view, 25GE interface view, 40GE interface view, 100GE interface view, Eth-Trunk interface view, Port group view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

802.1X access control can be based on MAC addresses or interfaces.

When the mac method is used, all 802.1X users on an interface are authenticated one by one. If a user goes offline, other users on this interface are not affected. The mac method is applicable to individual users.
When the port method is used, all the other 802.1X users on an interface can use network resources as long as one user is authenticated successfully. When the authenticated user goes offline, other users cannot use network resources. The port method is applicable to group users.

Prerequisites

802.1X authentication has been enabled globally and on an interface using the dot1x enable command.

Precautions

When there are online 802.1X users on an interface, do not run the dot1x port-method command to change the access control method on the interface.
If the access control method of an interface is set to port, only one 802.1X users can access the interface. After you run the undo dot1x port-method command, MAC address-based access control is enabled, but still only one user can access the interface. You can run the dot1x max-user command to increase the maximum number of 802.1X users as required.

Example

# Set the 802.1X access control method on GE0/0/1 in the system view to port.

<HUAWEI> system-view
[HUAWEI] dot1x port-method port interface gigabitethernet 0/0/1

# Set the 802.1X access control method on GE0/0/1 in the interface view to port.

<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] dot1x port-method port