192
mdc-admin
Parameters
authorized-force
: Places the port in authorized state, enabling users on the port to access the
network without authentication.
auto
: Places the port initially in unauthorized state to allow only EAPOL packets to pass, and places
the port in authorized state after a user passes authentication. You can use this option in most
scenarios.
unauthorized-force
: Places the port in unauthorized state, denying any access requests from users
on the port.
Usage guidelines
You can use this command to set the port authorization state to determine whether a client is granted
access to the network.
Examples
# Set the authorization state of Ten-GigabitEthernet 1/0/1 to
unauthorized-force
.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] dot1x port-control unauthorized-force
Related commands
display dot1x
dot1x port-method
Use
dot1x
port-method
to specify an access control method for the port.
Use
undo dot1x
port-method
to restore the default.
Syntax
dot1x
port-method
{
macbased
|
portbased
}
undo dot1x
port-method
Default
MAC-based access control applies.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
mdc-admin
Parameters
macbased
: Uses MAC-based access control on the port to separately authenticate each user
attempting to access the network. Using this method, when an authenticated user logs off, no other
online users are affected.
portbased
: Uses port-based access control on the port. Using this method, once an 802.1X user
passes authentication on the port, any subsequent user can access the network through the port
without authentication. When the authenticated user logs off, all other users are logged off.