125
dot1x supp-proxy-check
Use
dot1x
supp-proxy-check
to enable the proxy detection function and set the processing method
on the specified ports or all ports.
Use
undo dot1x
supp-proxy-check
to disable the function on the specified ports or all ports.
Syntax
In system view:
dot1x
supp-proxy-check
{
logoff
|
trap
}
[
interface
interface-list
]
undo dot1x
supp-proxy-check
{
logoff
|
trap
}
[
interface
interface-list
]
In Ethernet interface view:
dot1x
supp-proxy-check
{
logoff
|
trap
}
undo dot1x
supp-proxy-check
{
logoff
|
trap
}
Default
The proxy detection function is disabled. Users can use an authenticated 802.1X client as a network
access proxy to bypass monitoring and accounting.
Views
System view, Ethernet interface view
Default command level
2: System level
Parameters
logoff
: Logs off a user accessing the network through a proxy.
trap
: Sends a trap to the network management system when a user is detected accessing the
network through a proxy.
interface
interface-list
: Specifies an Ethernet port list, which can contain multiple Ethernet ports. The
interface-list
argument is in the format of
interface-list
= {
interface-type
interface-number
[
to
interface-type
interface-number
] } & <1-10>, where
interface-type
represents the port type,
interface-number
represents the port number, and & <1-10> means that you can provide up to 10
ports or port ranges. The start port number must be smaller than the end number and the two ports
must be of the same type. If no interface is specified, the command applies to all ports.
Usage guidelines
This function requires the cooperation of the iNode client software.
The proxy detection function must be enabled both globally in system view and for the intended ports
in system view or Ethernet interface view. Otherwise, it does not work.
Examples
# Configure ports GigabitEthernet 3/0/1 to 1/8 to log off users accessing the network through a proxy.
<Sysname> system-view
[Sysname] dot1x supp-proxy-check logoff
[Sysname] dot1x supp-proxy-check logoff interface gigabitethernet 3/0/1 to
gigabitethernet 3/0/8
# Configure port GigabitEthernet 3/0/9 to send a trap when a user is detected accessing the network
through a proxy.
<Sysname> system-view
[Sysname] dot1x supp-proxy-check trap
[Sysname] dot1x supp-proxy-check trap interface gigabitethernet 3/0/9