Setting the port authorization state

The port authorization state determines whether the client is granted access to the network. You can control the authorization state of a port by using the dot1x port-control command and the following keywords:

authorized-force—Places the port in the authorized state, enabling users on the port to access the network without authentication.
unauthorized-force—Places the port in the unauthorized state, denying any access requests from users on the port.
auto—Places the port initially in the unauthorized state to allow only EAPOL packets to pass. After a user passes authentication, sets the port in the authorized state to allow access to the network. You can use this option in most scenarios.

You can set the authorization state for one port in Layer 2 Ethernet interface view or for multiple ports in system view. If different authorization states are set for a port in system view and Layer 2 Ethernet interface view, the one set later takes effect.

To set the authorization state of a port:

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Set the port authorization state.	(Approach 1) In system view:dot1x port-control { authorized-force \| auto \| unauthorized-force } [ interface interface-list ] (Approach 2) In Layer 2 Ethernet interface view: interface interface-type interface-number dot1x port-control { authorized-force \| auto \| unauthorized-force }	Use either approach. By default, auto applies.

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Set the port authorization state.

(Approach 1) In system view:dot1x port-control { authorized-force | auto | unauthorized-force } [ interface interface-list ]
(Approach 2) In Layer 2 Ethernet interface view:
1. interface interface-type interface-number
2. dot1x port-control { authorized-force | auto | unauthorized-force }

Use either approach.

By default, auto applies.

prev	up	next
Enabling EAP relay or EAP termination	home	Specifying an access control method