DES-7200 Configuration Guide Chapter 4 802.1x Configuration
4-13
Command Function
dot1x port-control auto
Set the port to be a controlled port (enable interface
authentication). You can use the no option of the
command to disable the authentication of the
interface.
end
Return to the privileged mode.
write
Save the configuration.
show dot1x port-control
View the authentication configuration of the 802.1x
interface.
You can use the no dot1x port-control command to disable the authentication of the interface.
The following example sets Ethernet interface 1/1 to be a controlled interface:
DES-7200# configure terminal
DES-7200(config)# interface f 1/1
DES-7200(config-if)# dot1x port-control auto
DES-7200(config)# end
When a port is set as a controlled port, only the EAP packets are allowed to
pass; the packets to the CPU are also under control.
Caution
If you hope that cpu can not receive non-EAP packet from any
controlled port, you can separate management VLAN from user
VLAN.
4.2.6 Enabling Timed
Re-authentication
The 802.1x can ask users for re-authentication at periodical intervals, to prevent authorized
users from being used by other users. This can also detect disconnection, making more
accurate charging. In addition to the re-authentication switch, you can also define the
re-authentication interval, which is 3600 seconds by default. In the case of charging based on
duration, you should determine the re-authentication interval according to the specific network
size, which should be sufficient while as accurate as possible.
In the privileged mode, you can enable/disable re-authentication and set the re-authentication
interval by performing the following steps.
Command Function
configure terminal
Enter the global configuration mode.
dot1x re-authentication
Enable timed re-authentication.
dot1x timeout re-authperiod seconds
Set the re-authentication interval.
end
Return to the privileged mode.