Authentication Commands
4-85
4
Command Usage
• If you enable port security, the switch stops learning new MAC addresses on
the specified port when it has reached a configured maximum number. Only
incoming traffic with source addresses already stored in the dynamic or static
address table will be accepted.
• First use the
port security max-mac-count
command to set the number of
addresses, and then use the port security command to enable security on the
port.
• Use the
no port security max-mac-count
command to disable port security
and reset the maximum number of addresses to the default.
• You can also manually add secure addresses with the
mac-address-table
static
command.
• A secure port has the following restrictions:
- Cannot use port monitoring.
- Cannot be a multi-VLAN port.
- Cannot be connected to a network interconnection device.
- Cannot be a trunk port.
• If a port is disabled due to a security violation, it must be manually re-enabled
using the
no
shutdown
command.
Example
The following example enables port security for port 5, and sets the response to a
security violation to issue a trap message:
Related Commands
shutdown (4-136)
mac-address-table static (4-157)
show mac-address-table (4-158)
802.1X Port Authentication
The switch supports IEEE 802.1X (dot1x) port-based access control that prevents
unauthorized access to the network by requiring users to first submit credentials for
authentication. Client authentication is controlled centrally by a RADIUS server
using EAP (Extensible Authentication Protocol).
Console(config)#interface ethernet 1/5
Console(config-if)#port security action trap
Table 4-32 802.1X Port Authentication
Command
Function
Mode
Page
dot1x system-auth-control
Enables dot1x globally on the switch.
GC
4-86
dot1x default
Resets all dot1x parameters to their default values
GC
4-86
dot1x max-req
Sets the maximum number of times that the switch
retransmits an EAP request/identity packet to the client
before it times out the authentication session
IC
4-87
dot1x port-control
Sets dot1x mode for a port interface
IC
4-87
Summary of Contents for 24/48 10/100 Ports + 2GE
Page 2: ......
Page 4: ...ES3526XA ES3552XA F2 2 6 3 E122006 CS R02 149100005500H...
Page 18: ...Contents xiv...
Page 22: ...Tables xviii...
Page 26: ...Figures xxii...
Page 34: ...Introduction 1 8 1...
Page 44: ...Initial Configuration 2 10 2...
Page 242: ...Configuring the Switch 3 198 3...
Page 498: ...Software Specifications A 4 A...
Page 511: ......
Page 512: ...ES3526XA ES3552XA E122006 CS R02D 149100005500H...