config switch-controller security-policy 802-1X
Description: Configure 802.1x MAC Authentication Bypass (MAB) policies.
edit <name>
set security-mode [802.1X|802.1X-mac-based]
set user-group <name1>, <name2>, ...
set mac-auth-bypass [disable|enable]
set open-auth [disable|enable]
set eap-passthru [disable|enable]
set eap-auto-untagged-vlans [disable|enable]
set guest-vlan [disable|enable]
set guest-vlan-id {string}
set guest-auth-delay {integer}
set auth-fail-vlan [disable|enable]
set auth-fail-vlan-id {string}
set framevid-apply [disable|enable]
set radius-timeout-overwrite [disable|enable]
set policy-type {option}
set authserver-timeout-period {integer}
set authserver-timeout-vlan [disable|enable]
set authserver-timeout-vlanid {string}
next
end
Parameter Name | Description | Type | Size |
---|---|---|---|
security-mode | Port or MAC based 802.1X security mode. 802.1X: 802.1X port based authentication. 802.1X-mac-based: 802.1X MAC based authentication. |
option | - |
user-group <name> |
Name of user-group to assign to this MAC Authentication Bypass (MAB) policy. Group name. |
string | Maximum length: 79 |
mac-auth-bypass | Enable/disable MAB for this policy. disable: Disable MAB. enable: Enable MAB. |
option | - |
open-auth | Enable/disable open authentication for this policy. disable: Disable open authentication. enable: Enable open authentication. |
option | - |
eap-passthru | Enable/disable EAP pass-through mode, allowing protocols (such as LLDP) to pass through ports for more flexible authentication. disable: Disable EAP pass-through mode on this interface. enable: Enable EAP pass-through mode on this interface. |
option | - |
eap-auto-untagged-vlans | Enable/disable automatic inclusion of untagged VLANs. disable: Disable automatic inclusion of untagged VLANs. enable: Enable automatic inclusion of untagged VLANs. |
option | - |
guest-vlan | Enable the guest VLAN feature to allow limited access to non-802.1X-compliant clients. disable: Disable guest VLAN on this interface. enable: Enable guest VLAN on this interface. |
option | - |
guest-vlan-id | Guest VLAN name. | string | Maximum length: 15 |
guest-auth-delay | Guest authentication delay (1 - 900 sec, default = 30). | integer | Minimum value: 1 Maximum value: 900 |
auth-fail-vlan | Enable to allow limited access to clients that cannot authenticate. disable: Disable authentication fail VLAN on this interface. enable: Enable authentication fail VLAN on this interface. |
option | - |
auth-fail-vlan-id | VLAN ID on which authentication failed. | string | Maximum length: 15 |
framevid-apply | Enable/disable the capability to apply the EAP/MAB frame VLAN to the port native VLAN. disable: Disable the capability to apply the EAP/MAB frame VLAN to the port native VLAN. enable: Enable the capability to apply the EAP/MAB frame VLAN to the port native VLAN. |
option | - |
radius-timeout-overwrite | Enable to override the global RADIUS session timeout. disable: Override the global RADIUS session timeout. enable: Use the global RADIUS session timeout. |
option | - |
policy-type | Policy type. 802.1X: 802.1X security policy. |
option | - |
authserver-timeout-period | Authentication server timeout period (3 - 15 sec, default = 3). | integer | Minimum value: 3 Maximum value: 15 |
authserver-timeout-vlan | Enable/disable the authentication server timeout VLAN to allow limited access when RADIUS is unavailable. disable: Disable authentication server timeout VLAN on this interface. enable: Enable authentication server timeout VLAN on this interface. |
option | - |
authserver-timeout-vlanid | Authentication server timeout VLAN name. | string | Maximum length: 15 |
config switch-controller security-policy 802-1X
Description: Configure 802.1x MAC Authentication Bypass (MAB) policies.
edit <name>
set security-mode [802.1X|802.1X-mac-based]
set user-group <name1>, <name2>, ...
set mac-auth-bypass [disable|enable]
set open-auth [disable|enable]
set eap-passthru [disable|enable]
set eap-auto-untagged-vlans [disable|enable]
set guest-vlan [disable|enable]
set guest-vlan-id {string}
set guest-auth-delay {integer}
set auth-fail-vlan [disable|enable]
set auth-fail-vlan-id {string}
set framevid-apply [disable|enable]
set radius-timeout-overwrite [disable|enable]
set policy-type {option}
set authserver-timeout-period {integer}
set authserver-timeout-vlan [disable|enable]
set authserver-timeout-vlanid {string}
next
end
Parameter Name | Description | Type | Size |
---|---|---|---|
security-mode | Port or MAC based 802.1X security mode. 802.1X: 802.1X port based authentication. 802.1X-mac-based: 802.1X MAC based authentication. |
option | - |
user-group <name> |
Name of user-group to assign to this MAC Authentication Bypass (MAB) policy. Group name. |
string | Maximum length: 79 |
mac-auth-bypass | Enable/disable MAB for this policy. disable: Disable MAB. enable: Enable MAB. |
option | - |
open-auth | Enable/disable open authentication for this policy. disable: Disable open authentication. enable: Enable open authentication. |
option | - |
eap-passthru | Enable/disable EAP pass-through mode, allowing protocols (such as LLDP) to pass through ports for more flexible authentication. disable: Disable EAP pass-through mode on this interface. enable: Enable EAP pass-through mode on this interface. |
option | - |
eap-auto-untagged-vlans | Enable/disable automatic inclusion of untagged VLANs. disable: Disable automatic inclusion of untagged VLANs. enable: Enable automatic inclusion of untagged VLANs. |
option | - |
guest-vlan | Enable the guest VLAN feature to allow limited access to non-802.1X-compliant clients. disable: Disable guest VLAN on this interface. enable: Enable guest VLAN on this interface. |
option | - |
guest-vlan-id | Guest VLAN name. | string | Maximum length: 15 |
guest-auth-delay | Guest authentication delay (1 - 900 sec, default = 30). | integer | Minimum value: 1 Maximum value: 900 |
auth-fail-vlan | Enable to allow limited access to clients that cannot authenticate. disable: Disable authentication fail VLAN on this interface. enable: Enable authentication fail VLAN on this interface. |
option | - |
auth-fail-vlan-id | VLAN ID on which authentication failed. | string | Maximum length: 15 |
framevid-apply | Enable/disable the capability to apply the EAP/MAB frame VLAN to the port native VLAN. disable: Disable the capability to apply the EAP/MAB frame VLAN to the port native VLAN. enable: Enable the capability to apply the EAP/MAB frame VLAN to the port native VLAN. |
option | - |
radius-timeout-overwrite | Enable to override the global RADIUS session timeout. disable: Override the global RADIUS session timeout. enable: Use the global RADIUS session timeout. |
option | - |
policy-type | Policy type. 802.1X: 802.1X security policy. |
option | - |
authserver-timeout-period | Authentication server timeout period (3 - 15 sec, default = 3). | integer | Minimum value: 3 Maximum value: 15 |
authserver-timeout-vlan | Enable/disable the authentication server timeout VLAN to allow limited access when RADIUS is unavailable. disable: Disable authentication server timeout VLAN on this interface. enable: Enable authentication server timeout VLAN on this interface. |
option | - |
authserver-timeout-vlanid | Authentication server timeout VLAN name. | string | Maximum length: 15 |