set port type wired-auth 101
Usage — You cannot set a port’s type if the port is a member of a port
VLAN. To remove a port from a VLAN, use the clear vlan command. To
reset a port as a network port, use the clear port type command.
When you change port type, MSS applies default settings appropriate for
the port type. Table 18 lists the default settings that MSS applies when
you set a port’s type to ap.
For 802.1X clients, wired authentication works only if the clients are
directly attached to the wired authentication port, or are attached
through a hub that does not block forwarding of packets from the client
to the PAE group address (01:80:c2:00:00:03).
Wired authentication works in accordance with the 802.1X specification,
which prohibits a client from sending traffic directly to an authenticator’s
MAC address until the client is authenticated. Instead of sending traffic to
the authenticator’s MAC address, the client sends packets to the PAE
group address.
The 802.1X specification prohibits networking devices from forwarding
PAE group address packets, because this would make it possible for
multiple authenticators to acquire the same client.
For non-802.1X clients, who use MAC authentication, WebAAA, or
last-resort authentication, wired authentication works if the clients are
directly attached or indirectly attached.
Table 18 Wired Authentication Port Details
Port Parameter Setting
VLAN membership Removed from all VLANs. You cannot assign a MAP access
port to a VLAN. MSS automatically assigns MAP access ports
to VLANs based on user traffic.
Spanning Tree
Protocol (STP)
Not applicable
802.1X Uses authentication parameters configured for users.
Port groups Not applicable
IGMP snooping Enabled as users are authenticated and join VLANs.
Maximum user sessions 1 (one).
Fallthru authentication
type
None