dot1x port-control

Usage Scenario

• In normal situations, configuring the authorization mode for an 802.1X authentication-enabled interface as auto is recommended. In this mode, the interface is initially in unauthorized state and allows only users' EAPOL packets to pass through and does not allow users to access network resources. After the users pass 802.1X authentication, the interface switches to the authorized state, and the users can access network resources.
• In scenarios where all users connected to an 802.1X authentication-enabled interface are trusted and granted access to the network without being authenticated, you can configure the authorization mode as authorized-force for the interface. In this mode, the interface remains in authorized state and allows users to access the network without being authorized.
• In scenarios where all users connected to an interface need to be disabled from accessing network resources due to security considerations, you can configure the authorization mode as unauthorized-force for the interface. In this mode, the interface remains in unauthorized state and prohibits users from accessing network resources. To configure an authorization mode for 802.1X authentication on an interface, run the dot1x port-control command.

Prerequisites

802.1X authentication has been enabled on the interface using the dot1x enable command.

Configuration Impact

If the authorization mode of an interface is changed when users are accessing the network through this interface, the users may be logged off unexpectedly and then automatically log in, and services are interrupted during this period of time.

Precautions

In VS mode, this command is supported only by the admin VS.