11.13. IEEE 802.1x Commands
11.13.1. dot1x system-auth-ctrl
Command Purpose
Use the dot1x system-auth-ctrl command to globally enable the dot1x authentication control feature.
To remove this configuration, use the no form of this command.
Prerequisites
Platform | Software | License | Comments |
---|---|---|---|
AQ-N3000 | 7.0 | Base | |
AQ-N5000 | 7.0 | Base | |
AQ-N6000 | 7.0 | Base | |
Command Syntax
dot1x system-auth-ctrl
no dot1x system-auth-ctrl
Command Mode
Global Config
Default
Disable
Usage
Use this command to globally enable the dot1x feature. This command must be configured for the dot1x configuration on each port to work normally.
Examples
The following is sample output from the dot1x system-auth-ctrl command:
Switch# configure terminal
Switch(config)# dot1x system-auth-ctrl
Switch(config)# no dot1x system-auth-ctrl
11.13.2. dot1x initialize
Command Purpose
Use the dot1x initialize privileged EXEC command on the switch to manually return the specified IEEE 802.1x-enabled port to an unauthorized state before initiating a new authentication session on the port.
Prerequisites
Platform | Software | License | Comments |
---|---|---|---|
AQ-N3000 | 7.0 | Base | |
AQ-N5000 | 7.0 | Base | |
AQ-N6000 | 7.0 | Base | |
Command Syntax
dot1x initialize interface IFNAME
Parameter | Parameter Description | Parameter Value |
---|---|---|
IFNAME | Specify the interface name to be initialized | Supports routed ports and access ports; does not support trunk ports |
Command Mode
Privileged EXEC
Default
None
Usage
Use this command to initialize the IEEE 802.1x state machines and to set up a fresh environment for authentication. After you enter this command, the port status becomes unauthorized.
Examples
The following is sample output from the dot1x initialize command:
Switch# dot1x initialize interface eth-0-1
Related Commands
show dot1x
11.13.3. dot1x max-req
Command Purpose
Use the dot1x max-req interface configuration command on the switch to set the maximum number of times that the switch restarts the authentication process before a port changes to the unauthorized state. Use the no form of this command to return to the default setting.
Prerequisites
Platform | Software | License | Comments |
---|---|---|---|
AQ-N3000 | 7.0 | Base | |
AQ-N5000 | 7.0 | Base | |
AQ-N6000 | 7.0 | Base | |
Command Syntax
dot1x max-req COUNT
no dot1x max-req
Parameter | Parameter Description | Parameter Value |
---|---|---|
COUNT | Number of times that the switch restarts the authentication process before the port changes to the unauthorized state. | 1-10 |
Command Mode
Interface Configuration
Default
The default value of dot1x max-req is 2 times.
Usage
You should change the default value of this command only to adjust for unusual circumstances such as unreliable links or specific behavioral problems with certain clients and authentication servers.
Examples
The following is sample output from the dot1x max-req command:
Switch# configure terminal
Switch(config)# interface eth-0-1
Switch(config-if)# dot1x max-req 4
Related Commands
show dot1x
11.13.4. dot1x port-control
Command Purpose
Use the dot1x port-control interface configuration command on the switch to enable manual control of the authorization state of the port. Use the no form of this command to return to the default setting.
dot1x can be configured on a routed port, but not on a logical port such as an agg port.
Prerequisites
Platform | Software | License | Comments |
---|---|---|---|
AQ-N3000 | 7.0 | Base | |
AQ-N5000 | 7.0 | Base | |
AQ-N6000 | 7.0 | Base | |
Command Syntax
dot1x port-control ( auto | force-authorized | force-unauthorized | dir ( both | in ) )
no dot1x port-control
Parameter | Parameter Description | Parameter Value |
---|---|---|
auto | Enable IEEE 802.1x authentication on the port and cause the port to change to the authorized or unauthorized state based on the IEEE 802.1x authentication exchange between the switch and the client | - |
force-authorized | Disable IEEE 802.1x authentication on the port and cause the port to transition to the authorized state without an authentication exchange. The port sends and receives normal traffic without IEEE 802.1x-based authentication of the client | - |
force-unauthorized | Deny all access through this port by forcing the port to change to the unauthorized state, ignoring all attempts by the client to authenticate. The switch cannot provide authentication services to the client through the port | - |
dir | Specify the dot1x control direction | - |
both | Discard received and transmitted packets | - |
in | Discard received packets only | - |
Command Mode
Interface Configuration
Default
Dot1x port control is disabled by default.
The default value of the control direction is “in”.
Usage
You must globally enable IEEE 802.1x authentication on the switch by using the dot1x system-auth-ctrl Global Config command before enabling IEEE 802.1x authentication on a specific port.
Examples
The following is sample output from the dot1x port-control command:
Switch# configure terminal
Switch(config)# interface eth-0-1
Switch(config-if)# dot1x port-control auto
Related Commands
show dot1x
11.13.5. dot1x protocol-version
Command Purpose
Use the dot1x protocol-version interface configuration command on the switch to set the version of EAPOL packets. Use the no form of this command to return to the default setting.
Prerequisites
Platform | Software | License | Comments |
---|---|---|---|
AQ-N3000 | 7.0 | Base | |
AQ-N5000 | 7.0 | Base | |
AQ-N6000 | 7.0 | Base | |
Command Syntax
dot1x protocol-version VER
no dot1x protocol-version
Parameter | Parameter Description | Parameter Value |
---|---|---|
VER | The EAPOL version | 1-2 |
Command Mode
Interface Configuration
Default
The default value of EAPOL version is 2.
Usage
You must configure the authorization state control of the port with the dot1x port-control command before setting the EAPOL version.
Examples
The following is sample output from the dot1x protocol-version command:
Switch# configure terminal
Switch(config)# interface eth-0-1
Switch(config-if)# dot1x protocol-version 1
Related Commands
show dot1x
11.13.6. dot1x timeout quiet-period
Command Purpose
Use the dot1x timeout quiet-period interface configuration command on the switch to set the quiet time interval. Use the no form of this command to return to the default setting.
Prerequisites
Platform | Software | License | Comments |
---|---|---|---|
AQ-N3000 | 7.0 | Base | |
AQ-N5000 | 7.0 | Base | |
AQ-N6000 | 7.0 | Base | |
Command Syntax
dot1x timeout quiet-period SECONDS
no dot1x timeout quiet-period
Parameter | Parameter Description | Parameter Value |
---|---|---|
SECONDS | The time interval (in seconds) between authentication retries | 1-65535 seconds |
Command Mode
Interface Configuration
Default
The default value of dot1x quiet-period is 60 seconds.
Usage
During the quiet period, the switch does not accept or initiate any authentication requests. If you want to provide a faster response time to the user, enter a number smaller than the default.
Examples
The following is sample output from the dot1x timeout quiet-period command:
Switch# configure terminal
Switch(config)# interface eth-0-1
Switch(config-if)# dot1x timeout quiet-period 100
Related Commands
show dot1x
11.13.7. dot1x handshake
Command Purpose
Use the dot1x handshake interface configuration command on the switch to enable periodic handshake of the client. Use the no form of this command to return to the default setting.
Prerequisites
Platform | Software | License | Comments |
---|---|---|---|
AQ-N3000 | 7.0 | Base | |
AQ-N5000 | 7.0 | Base | |
AQ-N6000 | 7.0 | Base | |
Command Syntax
dot1x handshake
no dot1x handshake
Command Mode
Interface Configuration
Default
None
Usage
The default setting of dot1x handshake is disabled. When handshake is disabled, the handshake timeout configuration does not take effect.
Examples
The following is sample output from the dot1x handshake command:
Switch# configure terminal
Switch(config)# interface eth-0-1
Switch(config-if)# dot1x handshake
Related Commands
dot1x timeout
dot1x max-req
11.13.8. dot1x timeout handshake-period
Command Purpose
Use the dot1x timeout handshake-period interface configuration command on the switch to set the handshake time interval. Use the no form of this command to return to the default setting.
Prerequisites
Platform | Software | License | Comments |
---|---|---|---|
AQ-N3000 | 7.0 | Base | |
AQ-N5000 | 7.0 | Base | |
AQ-N6000 | 7.0 | Base | |
Command Syntax
dot1x timeout handshake-period SECONDS
no dot1x timeout handshake-period
Parameter | Parameter Description | Parameter Value |
---|---|---|
SECONDS | The time interval (in seconds) between handshake retries for online users | 5-7200 seconds |
Command Mode
Interface Configuration
Default
The default value of dot1x handshake-period is 60 seconds.
Usage
If the handshake period is changed while handshake is already enabled, the change takes effect immediately for online users.
Examples
The following is sample output from the dot1x timeout handshake-period command:
Switch# configure terminal
Switch(config)# interface eth-0-1
Switch(config-if)# dot1x timeout handshake-period 100
Related Commands
dot1x handshake
dot1x max-req
11.13.9. dot1x reauthentication
Command Purpose
Use the dot1x reauthentication interface configuration command on the switch to enable periodic re-authentication of the client. Use the no form of this command to return to the default setting.
Prerequisites
Platform | Software | License | Comments |
---|---|---|---|
AQ-N3000 | 7.0 | Base | |
AQ-N5000 | 7.0 | Base | |
AQ-N6000 | 7.0 | Base | |
Command Syntax
dot1x reauthentication
no dot1x reauthentication
Command Mode
Interface Configuration
Default
None
Usage
The default setting of dot1x re-authentication is disabled. When re-authentication is disabled, the re-authentication timeout configuration does not take effect.
Examples
The following is sample output from the dot1x reauthentication command:
Switch# configure terminal
Switch(config)# interface eth-0-1
Switch(config-if)# dot1x reauthentication
Related Commands
show dot1x
dot1x timeout
11.13.10. dot1x re-authenticate
Command Purpose
Use the dot1x re-authenticate privileged EXEC command on the switch stack to manually initiate a re-authentication of the specified IEEE 802.1x-enabled port.
Prerequisites
Platform | Software | License | Comments |
---|---|---|---|
AQ-N3000 | 7.0 | Base | |
AQ-N5000 | 7.0 | Base | |
AQ-N6000 | 7.0 | Base | |
Command Syntax
dot1x re-authenticate interface IFNAME
Parameter | Parameter Description | Parameter Value |
---|---|---|
IFNAME | The interface to re-authenticate | Supports routed ports and access ports; does not support trunk ports |
Command Mode
Privileged EXEC
Default
None
Usage
You can use this command to re-authenticate a client without waiting for the configured number of seconds between re-authentication attempts (re-authperiod) and automatic re-authentication.
Examples
The following is sample output from the dot1x re-authenticate command:
Switch# dot1x re-authenticate interface eth-0-1
Related Commands
show dot1x
11.13.11. dot1x timeout
Command Purpose
Use the dot1x timeout interface configuration command on the switch stack or on a standalone switch to set IEEE 802.1x timers. Use the no form of this command to return to the default setting.
Prerequisites
Platform | Software | License | Comments |
---|---|---|---|
AQ-N3000 | 7.0 | Base | |
AQ-N5000 | 7.0 | Base | |
AQ-N6000 | 7.0 | Base | |
Command Syntax
dot1x timeout ( re-authperiod SECONDS | server-timeout SECONDS | supp-timeout SECONDS | tx-period SECONDS )
no dot1x timeout ( reauth-period | server-timeout | supp-timeout | tx-period )
Parameter | Parameter Description | Parameter Value |
---|---|---|
re-authperiod SECONDS | Set the number of seconds between reauthentication attempts. | 60-65535 seconds |
server-timeout SECONDS | Number of seconds that the switch waits for the retransmission of packets by the switch to the authentication server. | 1-65535 seconds |
supp-timeout SECONDS | Number of seconds that the switch waits for the retransmission of packets by the switch to the IEEE 802.1x client. | 1-65535 seconds |
tx-period SECONDS | Number of seconds that the switch waits for a response to an EAP-request/identity frame from the client before retransmitting the request. | 1-65535 seconds |
Command Mode
Interface Configuration
Default
None
Usage
You should change the default value of this command only to adjust for unusual circumstances such as unreliable links or specific behavioral problems with certain clients and authentication servers.
The dot1x timeout re-authperiod interface configuration command affects the behavior of the switch only if you have enabled periodic re-authentication by using the dot1x reauthentication interface configuration command.
The default value of re-authperiod is 3600 seconds.
The default value of tx-period is 30 seconds.
The default value of supp-timeout is 30 seconds.
The default value of server-timeout is 30 seconds.
Examples
The following is sample output from the dot1x timeout command:
Switch# configure terminal
Switch(config)# interface eth-0-1
Switch(config-if)# dot1x reauthentication
Switch(config-if)# dot1x timeout reauth-period 4000
Related Commands
dot1x reauthentication
show dot1x
11.13.12. dot1x guest-vlan
Command Purpose
Use the dot1x guest-vlan interface configuration command to specify an active VLAN as an 802.1x guest VLAN. Use the no form of this command to return to the default setting.
Prerequisites
Platform | Software | License | Comments |
---|---|---|---|
AQ-N3000 | 7.0 | Base | |
AQ-N5000 | 7.0 | Base | |
AQ-N6000 | 7.0 | Base | |
Command Syntax
dot1x guest-vlan VLAN_ID
no dot1x guest-vlan
Parameter | Parameter Description | Parameter Value |
---|---|---|
VLAN_ID | Specify an active VLAN as an 802.1x guest VLAN. | 2-4094 |
Command Mode
Interface Configuration
Default
No guest VLAN is configured.
Usage
When you configure a guest VLAN, clients that are not 802.1x-capable are put into the guest VLAN when the server does not receive a response to its Extensible Authentication Protocol over LAN (EAPOL) request/identity frame. Clients that are 802.1x-capable but fail authentication are not granted access to the network.
The guest VLAN feature is not supported on internal VLANs (routed ports) or trunk ports; it is supported only on access ports.
Examples
This example shows how to specify VLAN 5 as an 802.1x guest VLAN:
Switch# configure terminal
Switch(config)# vlan database
Switch(config-vlan)# vlan 5
Switch(config-vlan)# exit
Switch(config)# interface eth-0-1
Switch(config-if)# switchport mode access
Switch(config-if)# dot1x port-control auto
Switch(config-if)# dot1x guest-vlan 5
Related Commands
show dot1x
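The dependencies stated in the sections above (global dot1x system-auth-ctrl before per-port port-control, timers that only matter when reauthentication or handshake is enabled, guest VLAN only on access ports) can be checked mechanically. The following is an added example, not part of the vendor documentation: the running-config layout, the sample configuration and the finding codes are assumptions made for illustration.

```python
import re

# Constructed running-config fragment (not from the page). The stanza layout
# (unindented "interface X", indented sub-commands, "!" separators) is assumed.
SAMPLE_CONFIG = """\
dot1x system-auth-ctrl
!
interface eth-0-1
 switchport mode access
 dot1x port-control auto
 dot1x guest-vlan 5
 dot1x timeout re-authperiod 4000
!
interface eth-0-2
 switchport mode trunk
 dot1x port-control force-authorized
!
interface eth-0-3
 dot1x port-control auto
 dot1x guest-vlan 5
 dot1x timeout handshake-period 100
"""

# Hypothetical finding codes, each tied to a statement in this command reference.
MESSAGES = {
    "GLOBAL_DISABLED": "port-control auto set, but dot1x system-auth-ctrl is not enabled globally",
    "FORCE_AUTHORIZED": "force-authorized: port passes traffic without any 802.1x exchange",
    "GUEST_VLAN_NOT_ACCESS": "guest-vlan set on a port not explicitly in access mode",
    "REAUTH_PERIOD_INACTIVE": "re-auth period set, but dot1x reauthentication is not enabled",
    "HANDSHAKE_PERIOD_INACTIVE": "handshake-period set, but dot1x handshake is not enabled",
}

PORT_CONTROL = re.compile(r"dot1x port-control (auto|force-authorized|force-unauthorized)$")


def parse_config(text):
    """Return (global_lines, {ifname: [sub-commands]})."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if raw[0].isspace() and current is not None:
            interfaces[current].append(line)
        elif line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        else:
            current = None
            global_lines.append(line)
    return global_lines, interfaces


def lint(text):
    """Return a list of (interface, finding_code) tuples."""
    global_lines, interfaces = parse_config(text)
    globally_on = "dot1x system-auth-ctrl" in global_lines
    findings = []
    for ifname, lines in interfaces.items():
        control = None
        for line in lines:
            m = PORT_CONTROL.match(line)
            if m:
                control = m.group(1)

        def has(prefix):
            return any(l.startswith(prefix) for l in lines)

        if control == "auto" and not globally_on:
            findings.append((ifname, "GLOBAL_DISABLED"))
        if control == "force-authorized":
            findings.append((ifname, "FORCE_AUTHORIZED"))
        if has("dot1x guest-vlan ") and "switchport mode access" not in lines:
            findings.append((ifname, "GUEST_VLAN_NOT_ACCESS"))
        # The page spells this keyword both "re-authperiod" and "reauth-period".
        if (has("dot1x timeout re-authperiod ") or has("dot1x timeout reauth-period ")) \
                and "dot1x reauthentication" not in lines:
            findings.append((ifname, "REAUTH_PERIOD_INACTIVE"))
        if has("dot1x timeout handshake-period ") and "dot1x handshake" not in lines:
            findings.append((ifname, "HANDSHAKE_PERIOD_INACTIVE"))
    return findings


if __name__ == "__main__":
    for ifname, code in lint(SAMPLE_CONFIG):
        print(f"{ifname}: {code}: {MESSAGES[code]}")
```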
11.13.13. show dot1x
Command Purpose
Use the show dot1x user EXEC command to display IEEE 802.1x session configuration, administrative status, and operational status for the switch or for the specified port.
Prerequisites
Platform | Software | License | Comments |
---|---|---|---|
AQ-N3000 | 7.0 | Base | |
AQ-N5000 | 7.0 | Base | |
AQ-N6000 | 7.0 | Base | |
Command Syntax
show dot1x interface IFNAME
show dot1x session brief ( ( interface IFPHYSICAL ( mac MACADDR | ) ) | )
show dot1x ( all | )
Parameter | Parameter Description | Parameter Value |
---|---|---|
IFNAME | Specify an interface | Supports physical ports |
MACADDR | Specify a MAC address | MAC address in HHHH.HHHH.HHHH format |
all | Display IEEE 802.1x information of all interfaces | - |
Command Mode
Privileged EXEC
Default
None
Usage
N/A
Examples
The following is sample output from the show dot1x command:
Switch# show dot1x all
802.1X Port-Based Authentication Enabled
=====================================
802.1X info for interface eth-0-2
portEnabled : false
portControl : Auto
portMode : Port based
portStatus : Unauthorized
Mac Auth bypass : disabled
reAuthenticate : enabled
reAuthPeriod : 3600
Max user number : 255
Current session number : 0
Accept user number : 0
Reject user number : 0
Guest VLAN : N/A
Assign VLAN : N/A
QuietPeriod : 60
ReqMax : 2
TxPeriod : 30
SuppTimeout : 30
ServerTimeout : 30
CD: adminControlledDirections : in
CD: operControlledDirections : in
CD: bridgeDetected : false
========================================
Related Commands
dot1x system-auth-ctrl
dot1x port-control
11.13.14. show dot1x statistics
Command Purpose
Use the show dot1x statistics user EXEC command to display IEEE 802.1x EAPOL packet statistics for the switch or for the specified port.
Prerequisites
Platform | Software | License | Comments |
---|---|---|---|
AQ-N3000 | 7.0 | Base | |
AQ-N5000 | 7.0 | Base | |
AQ-N6000 | 7.0 | Base | |
Command Syntax
show dot1x statistics interface IFNAME
show dot1x statistics ( all | )
Parameter | Parameter Description | Parameter Value |
---|---|---|
IFNAME | Specify an interface | Supports physical ports |
all | Display IEEE 802.1x information of all interfaces | - |
Command Mode
Privileged EXEC
Default
None
Usage
N/A
Examples
The following is sample output from the show dot1x statistics command:
Switch# show dot1x statistics interface eth-0-1
802.1X statistics for interface eth-0-1
EAPOL Frames Rx: 0 - EAPOL Frames Tx: 323
EAPOL Start Frames Rx: 0 - EAPOL Logoff Frames Rx: 0
EAP Rsp/Id Frames Rx: 0 - EAP Response Frames Rx: 0
EAP Req/Id Frames Tx: 241 - EAP Request Frames Tx: 0
Invalid EAPOL Frames Rx: 0 - EAP Length Error Frames Rx: 0
EAPOL Last Frame Version Rx: 0 - EAPOL Last Frame Src: 0000.0000.0000
Related Commands
dot1x system-auth-ctrl
dot1x port-control
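The counters in the sample output above lend themselves to automated triage: a port where the switch keeps sending EAP Req/Id frames but receives no EAPOL frames has no responding supplicant, and non-zero invalid or length-error counters mean malformed frames are arriving. The following is an added example, not part of the vendor documentation: the first block of the sample is the page's own output, the eth-0-2 block is constructed, and the multi-interface layout and finding codes are assumptions.

```python
import re

# First block: the sample output shown on this page.
# Second block: constructed values for illustration only.
SAMPLE = """\
802.1X statistics for interface eth-0-1
EAPOL Frames Rx: 0 - EAPOL Frames Tx: 323
EAPOL Start Frames Rx: 0 - EAPOL Logoff Frames Rx: 0
EAP Rsp/Id Frames Rx: 0 - EAP Response Frames Rx: 0
EAP Req/Id Frames Tx: 241 - EAP Request Frames Tx: 0
Invalid EAPOL Frames Rx: 0 - EAP Length Error Frames Rx: 0
EAPOL Last Frame Version Rx: 0 - EAPOL Last Frame Src: 0000.0000.0000
802.1X statistics for interface eth-0-2
EAPOL Frames Rx: 57 - EAPOL Frames Tx: 60
EAPOL Start Frames Rx: 3 - EAPOL Logoff Frames Rx: 0
EAP Rsp/Id Frames Rx: 3 - EAP Response Frames Rx: 40
EAP Req/Id Frames Tx: 3 - EAP Request Frames Tx: 40
Invalid EAPOL Frames Rx: 14 - EAP Length Error Frames Rx: 2
EAPOL Last Frame Version Rx: 1 - EAPOL Last Frame Src: 0011.2233.4455
"""

HEADER = re.compile(r"^802\.1X statistics for interface (\S+)$")
FIELD = re.compile(r"^(.+?):\s*(\S+)$")


def parse_statistics(text):
    """Return {ifname: {counter_name: int or str}} from show dot1x statistics output."""
    ports, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            current = ports.setdefault(m.group(1), {})
            continue
        if current is None:
            continue  # prompt lines or banners before the first header
        # Each line carries two "name: value" pairs separated by " - ".
        for part in line.split(" - "):
            f = FIELD.match(part.strip())
            if f:
                name, value = f.groups()
                current[name] = int(value) if value.isdigit() else value
    return ports


def triage(ports):
    """Return (interface, finding_code) tuples; the codes are hypothetical."""
    findings = []
    for ifname, s in ports.items():
        # Switch is asking for identity but nothing on the wire answers.
        if s.get("EAP Req/Id Frames Tx", 0) > 0 and s.get("EAPOL Frames Rx", 0) == 0:
            findings.append((ifname, "NO_SUPPLICANT_RESPONSE"))
        # Malformed EAPOL/EAP frames were received on the port.
        bad = s.get("Invalid EAPOL Frames Rx", 0) + s.get("EAP Length Error Frames Rx", 0)
        if bad:
            findings.append((ifname, "MALFORMED_EAPOL_RX"))
    return findings


if __name__ == "__main__":
    for ifname, code in triage(parse_statistics(SAMPLE)):
        print(ifname, code)
```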
11.13.15. debug dot1x
Command Purpose
Use this command to turn on the debug switches of the dot1x module.
To restore the default, use the no form of this command.
Prerequisites
Platform | Software | License | Comments |
---|---|---|---|
AQ-N3000 | 7.0 | Base | |
AQ-N5000 | 7.0 | Base | |
AQ-N6000 | 7.0 | Base | |
Command Syntax
debug dot1x ( event | timer | packet | all )
no debug dot1x ( event | timer | packet | all )
Parameter | Parameter Description | Parameter Value |
---|---|---|
event | Output debug messages for dot1x events | - |
timer | Output debug messages for dot1x timer information | - |
packet | Output debug messages for dot1x packet information, including sent and received packets | - |
all | Output all of the debug messages mentioned above | - |
Command Mode
Privileged EXEC
Default
None
Usage
Use the “terminal monitor” command to print debug messages on the VTY immediately.
Use the “show logging buffer” command to check the debug messages in the logging buffer.
Examples
The following sample turns on the dot1x debug switches:
Switch# debug dot1x all
Related Commands
terminal monitor
show logging buffer
11.13.16. clear dot1x statistics
Command Purpose
Use the clear dot1x user EXEC command to clear the IEEE 802.1x statistics for the switch or for the specified port.
Prerequisites
Platform | Software | License | Comments |
---|---|---|---|
AQ-N3000 | 7.0 | Base | |
AQ-N5000 | 7.0 | Base | |
AQ-N6000 | 7.0 | Base | |
Command Syntax
clear dot1x statistics ( all | )
Parameter | Parameter Description | Parameter Value |
---|---|---|
all | Display IEEE 802.1x information of all interfaces | - |
Command Mode
Privileged EXEC
Default
None
Usage
Use the command “clear dot1x” to clear the IEEE 802.1x statistics for the switch or for the specified port.
Use the command “show dot1x” to display the IEEE 802.1x statistics.
Examples
The following is a sample of using the clear dot1x command:
Switch# clear dot1x statistics
Switch# clear dot1x session-statistics
Related Commands
dot1x system-auth-ctrl
dot1x port-control
show dot1x
11.13.17. dot1x port-mode
Command Purpose
Use the “dot1x port-mode” command to set the control mode of the interface.
Use the no form of this command to restore the default value.
Prerequisites
Platform | Software | License | Comments |
---|---|---|---|
AQ-N3000 | 7.0 | Base | |
AQ-N5000 | 7.0 | Base | |
AQ-N6000 | 7.0 | Base | |
Command Syntax
dot1x port-mode ( port | mac )
no dot1x port-mode
Parameter | Parameter Description | Parameter Value |
---|---|---|
port | Set dot1x to port-based mode | - |
mac | Set dot1x to MAC-based mode | - |
Command Mode
Interface Configuration
Default
By default the mode is port based.
Usage
Use the “dot1x port-mode” command to set the control mode of the interface.
Use the no form of this command to restore the default value.
dot1x port-control must be enabled before setting the control mode.
The control mode cannot be changed while there are users online.
Examples
The following is a sample to use the dot1x port-mode command:
Switch# configure terminal
Switch(config)# interface eth-0-1
Switch(config-if)# dot1x port-mode mac
Related Commands
dot1x port-control
11.13.18. dot1x max-user
Command Purpose
Use the “dot1x max-user” command to set the maximum number of users on the interface.
Use the no form of this command to restore the default value.
Prerequisites
Platform | Software | License | Comments |
---|---|---|---|
AQ-N3000 | 7.0 | Base | |
AQ-N5000 | 7.0 | Base | |
AQ-N6000 | 7.0 | Base | |
Command Syntax
dot1x max-user COUNT
no dot1x max-user
Parameter | Parameter Description | Parameter Value |
---|---|---|
COUNT | Maximum number of users on the port | 1-255 |
Command Mode
Interface Configuration
Default
By default, the number of users on a port is not limited. The maximum number depends on the system hardware profile.
Usage
Use the “dot1x max-user” command to set the maximum number of users on the interface.
Use the no form of this command to restore the default value.
dot1x port-control must be enabled before setting the maximum value.
If there are users online, the configured value should be greater than or equal to the current user count.
The configured value cannot be larger than the hardware resource count.
This count limits the number of dot1x MAC-based users in the “accept”, “reject” and “reauth” states, which use the hardware table for forwarding or discarding. The total number of users, including those in the “waiting” state, is 2 times this configured value.
Examples
The following is a sample to use the dot1x max-user command:
Switch# configure terminal
Switch(config)# interface eth-0-1
Switch(config-if)# dot1x max-user 10
Related Commands
dot1x port-control
11.13.19. dot1x re-active radius-server
Command Purpose
Use the “dot1x re-active” command to activate the specified RADIUS servers.
Prerequisites
Platform | Software | License | Comments |
---|---|---|---|
AQ-N3000 | 7.0 | Base | |
AQ-N5000 | 7.0 | Base | |
AQ-N6000 | 7.0 | Base | |
Command Syntax
dot1x re-active radius-server ( host HOST_IP_ADDR ( auth-port PORT | ) | interface IFNAME | all )
Parameter | Parameter Description | Parameter Value |
---|---|---|
host HOST_IP_ADDR | Re-activate the RADIUS server by server IP | IPv4 address |
PORT | Re-activate the RADIUS server by server IP and UDP port. If the auth port is not specified, the default port is 1812. | 1-65535 |
IFNAME | Re-activate the RADIUS servers by the IEEE 802.1x client's interface | Supports routed ports and access ports; does not support trunk ports |
all | Re-activate all RADIUS servers | - |
Command Mode
Privileged EXEC
Default
None
Usage
Use this command to activate the RADIUS server. With this command, users do not need to wait for the radius-server dead time.
Examples
The following are samples of using the dot1x re-active radius-server command:
Switch# dot1x re-activate radius-server
Switch# dot1x re-activate radius-server host 3.3.3.3 auth-port 1812
Switch# dot1x re-activate radius-server interface eth-0-9
Related Commands
radius-server host
radius-server deadtime
show radius-server
11.13.20. dot1x accounting-mode radius
Command Purpose
Use the dot1x accounting-mode radius command to globally enable the dot1x accounting feature.
To remove this configuration, use the no form of this command.
Prerequisites
Platform | Software | License | Comments |
---|---|---|---|
AQ-N3000 | 7.0 | Base | |
AQ-N5000 | 7.0 | Base | |
AQ-N6000 | 7.0 | Base | |
Command Syntax
dot1x accounting-mode radius
no dot1x accounting-mode
Command Mode
Global Config
Default
Disable
Usage
Use this command to globally start the dot1x accounting feature. This command does not take effect immediately for users who are already online.
Examples
The following is a sample to use the dot1x accounting-mode radius command:
Switch# configure terminal
Switch(config)# dot1x accounting-mode radius
Switch(config)# no dot1x accounting-mode
Related Commands
None
11.13.21. dot1x accounting start-fail
Command Purpose
Use the dot1x accounting start-fail command to globally configure the policy applied when the accounting start fails.
To restore the default, use the no form of this command.
Prerequisites
Platform | Software | License | Comments |
---|---|---|---|
AQ-N3000 | 7.0 | Base | |
AQ-N5000 | 7.0 | Base | |
AQ-N6000 | 7.0 | Base | |
Command Syntax
dot1x accounting start-fail ( offline | online )
no dot1x accounting start-fail
Parameter | Parameter Description | Parameter Value |
---|---|---|
offline | Configure the start-fail policy: reject the user from being online after a start failure. | - |
online | Configure the start-fail policy: accept the user to be online after a start failure. | - |
Command Mode
Global Config
Default
offline
Usage
The device sends an accounting start packet to the accounting server after a user comes online; the start-fail policy is applied when no response is received from the accounting server. This command does not take effect immediately for users who are already online.
Examples
The following is a sample to use the dot1x accounting start-fail command:
Switch# configure terminal
Switch(config)# dot1x accounting start-fail online
Switch(config)# no dot1x accounting start-fail
Related Commands
dot1x accounting-mode radius
11.13.22. dot1x accounting realtime
Command Purpose
Use the dot1x accounting realtime command to globally enable the dot1x realtime accounting feature and set the realtime accounting interval.
To remove this configuration, use the no form of this command.
Prerequisites
Platform | Software | License | Comments |
---|---|---|---|
AQ-N3000 | 7.0 | Base | |
AQ-N5000 | 7.0 | Base | |
AQ-N6000 | 7.0 | Base | |
Command Syntax
dot1x accounting realtime INTERVAL
no dot1x accounting realtime
Parameter | Parameter Description | Parameter Value |
---|---|---|
INTERVAL | Set the interval for sending realtime accounting packets | 1-65535 minutes |
Command Mode
Global Config
Default
By default, no dot1x realtime accounting interval is configured, which means realtime accounting is disabled.
Usage
Use this command to globally start the dot1x realtime accounting feature or modify realtime accounting interval. This command does not take effect immediately for users who are already online.
Examples
The following is a sample to use the dot1x accounting realtime command:
Switch# configure terminal
Switch(config)# dot1x accounting realtime 1
Switch(config)# no dot1x accounting realtime
Related Commands
dot1x accounting-mode radius
11.13.23. dot1x accounting interim-fail
Command Purpose
Use the dot1x accounting interim-fail command to globally configure the maximum accepted number of periods with no response to the dot1x realtime accounting request, and to set the policy for realtime accounting failure.
To restore the default, use the no form of this command.
Prerequisites
Platform | Software | License | Comments |
---|---|---|---|
AQ-N3000 | 7.0 | Base | |
AQ-N5000 | 7.0 | Base | |
AQ-N6000 | 7.0 | Base | |
Command Syntax
dot1x accounting interim-fail ( max-times TIMES | ) ( offline | online )
no dot1x accounting interim-fail
Parameter | Parameter Description | Parameter Value |
---|---|---|
TIMES | Maximum accepted number of times with no response to a realtime accounting request | 1-255 |
offline | Configure the interim-fail policy: reject the user from being online after an interim failure. | - |
online | Configure the interim-fail policy: accept the user to be online after an interim failure. | - |
Command Mode
Global Config
Default
The default policy for interim-fail is max-times 3 online.
Usage
Only consecutive interim failures are counted. This command does not take effect immediately for users who are already online.
Examples
The following is a sample to use the dot1x accounting interim-fail command:
Switch# configure terminal
Switch(config)# dot1x accounting interim-fail max-times 2 offline
Switch(config)# no dot1x accounting interim-fail
Related Commands
dot1x accounting-mode radius
dot1x accounting realtime