802.1x Qns

leowchongwei · ‎11-04-2003

Hello,

got some qns here after reading the ccnp switching guide... a command like this :

switch(config-if)# dot1x port-control {force-authorized | force-unauthorized | auto}

force-authorized : The port is forced to always authorize any connected client. No authentication is necessary. Default state...

Qns 1 : got difference btw authorize and authenticate ? if no authentication, what for authorize?

force-unauthorized : The port is forced to never authorize any connected client. As a result, the port cannot move to the authorized state to pass traffic to a connected client.

Qns 2 : Isn't it the same as shutdown the port? what's the point here?

Thanks in advance

engel · ‎11-05-2003

I think it is only wording issue. "dot1x port-control force-authorized" means that you don`t need to authenticate the PC using any kind of EAP authentication. Verified on a 2950 switch.

It is not shutdown the port. I can connected my PC to the "force-authorized" dot1x port without need to authenticate.

Best Regards,

Engel

leowchongwei · ‎11-05-2003

Hi Engel,

sorry but i dun get wat u mean here...

For Qns 1 : if dun authenticate the PC, what's the whole purpose of port control then?

For Qns 2 : it's force-unauthorized... and the text says "the port cannot move to the authorized state to pass traffic to a connected client". So, no traffic is being passed... ???

I was thinking i might as well dun use port-control if there's no need for authentication... and if "force-unauthorized" never authenticate and do not pass traffic, i can simply shutdown the port...

Thanks

-Steven-