DGS-3000 Series Layer 2 Managed Gigabit Ethernet Switch CLI Reference Guide
148
Format
config authentication ports [<portlist> | all] {auth_mode [port_based | host_based {vlanid
<vid_list> state [enable | disable]}] | multi_authen_methods [none | any | dot1x_impb |
impb_jwac | impb_wac | mac_impb| mac_jwac| mac_wac]}(1)
Parameters
<portlist>
- Enter a port or range of ports to configure.
all
- Specify to configure all ports.
auth_mode
- The authorization mode is port-based or host-based.
port-based
- If one of the attached hosts pass the authentication, all hosts on the same port
will be granted access to the network. If the user fails the authentication, this port will keep
trying the next authentication.
host-based
- Specify to allow every user to be authenticated individually. The "vlanid" can
authenticate the client on a specific authenticated VLAN(s).If the "vlanid" is not specified,
or all the VLANs are disabled, it means the host does not care which VLAN the client
comes from. The client will be authenticated if the client's MAC address (regardless of the
VLAN) is not authenticated.
vlanid
- (Optional) Specify the VLAN ID used for this configuration.
<vid_list>
- Enter the VLAN ID used for this configuration here.
state
- (Optional) Specify whether the authentication mode will be enabled or disabled on a
specified VLAN.
enable
- Specify that the authentication mode will be enabled on the specified VLAN.
disable
- Specify that the authentication mode will be disabled on the specified VLAN.
multi_authen_methods
- Specify the compound authentication method. (If the compound
authentication method selected includes IMPB(ex: dot1x_impb, impb_jwac, impb_wac,
mac_impb) and the other method (802.1X, JWAC, WAC or MAC) is globally disabled, only
IMPB will be used. If the mac_jwac or mac_wac option is selected, both authentication
methods will be applied. If one of the authentication methods fails or is globally disabled, then
access will be denied.)
none
- Specify that compound authentication is not enabled.
any
- Specify if any of the authentication methods (802.1X, MAC, and JWAC/WAC) pass, then
pass.
dot1x_impb
- Dot1x will be verified first, and then IMPB will be verified. Both authentications
need to be passed.
impb_jwac
- JWAC will be verified first, and then IMPB will be verified. Both authentications
need to be passed.
impb_wac
- WAC will be verified first, and then IMPB will be verified. Both authentications
need to be passed.
mac_impb
- MAC will be verified first, and then IMPB will be verified. Both authentications
need to be passed.
mac_jwac
- MAC will be verified first followed by JWAC. Both authentication methods need to
be passed.
mac_wac
- MAC will be verified first followed by WAC. Both authentication methods need to
be passed..
Restrictions
Only Administrators, Operators and Power-Users can issue this command.
Example
The following example sets the authentication mode of all ports to host-based:
Summary of Contents for DGS-3000 series
Page 1: ......