config switch-controller security-policy 802-1X
Configure 802.1x MAC Authentication Bypass (MAB) policies.
config switch-controller security-policy 802-1X
Description: Configure 802.1x MAC Authentication Bypass (MAB) policies.
edit <name>
set security-mode [802.1X|802.1X-mac-based]
set user-group <name1>, <name2>, ...
set mac-auth-bypass [disable|enable]
set open-auth [disable|enable]
set eap-passthru [disable|enable]
set guest-vlan [disable|enable]
set guest-vlan-id {string}
set guest-auth-delay {integer}
set auth-fail-vlan [disable|enable]
set auth-fail-vlan-id {string}
set framevid-apply [disable|enable]
set radius-timeout-overwrite [disable|enable]
set policy-type {option}
next
end
config switch-controller security-policy 802-1X
Parameter |
Description |
Type |
Size |
|||||||
---|---|---|---|---|---|---|---|---|---|---|
security-mode |
Port or MAC based 802.1X security mode. |
option |
- |
|||||||
|
|
|||||||||
user-group |
Name of user-group to assign to this MAC Authentication Bypass (MAB) policy. Group name. |
string |
Maximum length: 79 |
|||||||
mac-auth-bypass |
Enable/disable MAB for this policy. |
option |
- |
|||||||
|
|
|||||||||
open-auth |
Enable/disable open authentication for this policy. |
option |
- |
|||||||
|
|
|||||||||
eap-passthru |
Enable/disable EAP pass-through mode, allowing protocols (such as LLDP) to pass through ports for more flexible authentication. |
option |
- |
|||||||
|
|
|||||||||
guest-vlan |
Enable the guest VLAN feature to allow limited access to non-802.1X-compliant clients. |
option |
- |
|||||||
|
|
|||||||||
guest-vlan-id |
Guest VLAN name. |
string |
Not Specified |
|||||||
guest-auth-delay |
Guest authentication delay . |
integer |
Minimum value: 1 Maximum value: 900 |
|||||||
auth-fail-vlan |
Enable to allow limited access to clients that cannot authenticate. |
option |
- |
|||||||
|
|
|||||||||
auth-fail-vlan-id |
VLAN ID on which authentication failed. |
string |
Not Specified |
|||||||
framevid-apply |
Enable/disable the capability to apply the EAP/MAB frame VLAN to the port native VLAN. |
option |
- |
|||||||
|
|
|||||||||
radius-timeout-overwrite |
Enable to override the global RADIUS session timeout. |
option |
- |
|||||||
|
|
|||||||||
policy-type |
Policy type. |
option |
- |
|||||||
|
|