OcNOS-SP : NetConf Command Reference : NetConf Reference : IPI-AUTHENTICATION
IPI-AUTHENTICATION
Configure mac authentication
Use this attribute to enable MAC authentication globally. If MAC authentication is not enabled, other MAC authentication related commands throw an error when issued.
This command is supported when following feature are enabled HAVE_AUTHD feature
Attribute Name: mac-authentication
Attribute Type: empty
Netconf edit-config payload
<authentication xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-authentication">
<global>
<config>
</mac-authentication><!-- operation="delete"-->
</config>
</global>
</authentication>
Command Syntax
auth-mac system-auth-ctrl
Configure dot1x authentication
Use this attribute to enable globally authentication.
This command is supported when following feature are enabled HAVE_AUTHD feature
Attribute Name: dot1x-authentication
Attribute Type: empty
Netconf edit-config payload
<authentication xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-authentication">
<global>
<config>
</dot1x-authentication><!-- operation="delete"-->
</config>
</global>
</authentication>
Command Syntax
dot1x system-auth-ctrl
Configure dot1x control
Use this attribute to enable or disable the 802.1X authentication control on an interface.
This command is supported when following feature are enabled HAVE_AUTHD feature
Attribute Name: dot1x-control
Attribute Type: enum (force-unauthorized|force-authorized|auto)
Netconf edit-config payload
<authentication xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-authentication">
<dot1x-interfaces>
<dot1x-interface>
<name>WORD</name>
<config>
<name>WORD</name>
</config>
<dot1x-control>force-authorized</dot1x-control>
</dot1x-interface>
</dot1x-interfaces>
</authentication>
Command Syntax
dot1x port-control (force-unauthorized|force-authorized|auto)
Configure protocol version
Use this attribute to set the protocol version of dot1x to 1 or 2. The protocol version must be synchronized with the Xsupplicant being used in that interface.
This command is supported when following feature are enabled HAVE_AUTHD feature
Attribute Name: protocol-version
Attribute Type: enum (1|2)
Netconf edit-config payload
<authentication xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-authentication">
<dot1x-interfaces>
<dot1x-interface>
<name>WORD</name>
<config>
<name>WORD</name>
</config>
<protocol-version>2</protocol-version> <!-- operation="delete"-->
</dot1x-interface>
</dot1x-interfaces>
</authentication>
Command Syntax
dot1x protocol-version (1|2)
Configure quiet period
Use this attribute to set the quiet-period time interval.When a switch cannot authenticate a client, the switch remains idle for a quiet-period interval of time, then tries again. By administratively changing the quiet-period interval, by entering a lower number than the default, a faster response time can be provided
This command is supported when following feature are enabled HAVE_AUTHD feature
Attribute Name: quiet-period
Attribute Type: uint16
Attribute Range: 1-65535
Netconf edit-config payload
<authentication xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-authentication">
<dot1x-interfaces>
<dot1x-interface>
<name>WORD</name>
<config>
<name>WORD</name>
</config>
<authenticator-pae>
<config>
<quiet-period>1</quiet-period> <!-- operation="delete"-->
</config>
</authenticator-pae>
</dot1x-interface>
</dot1x-interfaces>
</authentication>
Command Syntax
dot1x quiet-period <1-65535>
Configure max reauth value
Use this attribute to set the maximum reauthentication value, which sets the maximum number of reauthentication attempts after which the port will be unauthorized.
This command is supported when following feature are enabled HAVE_AUTHD feature
Attribute Name: max-reauth-value
Attribute Type: uint8
Attribute Range: 1-10
Netconf edit-config payload
<authentication xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-authentication">
<dot1x-interfaces>
<dot1x-interface>
<name>WORD</name>
<config>
<name>WORD</name>
</config>
<authenticator-pae>
<config>
<max-reauth-value>1</max-reauth-value> <!-- operation="delete"-->
</config>
</authenticator-pae>
</dot1x-interface>
</dot1x-interfaces>
</authentication>
Command Syntax
dot1x reauthMax <1-10>
Configure interval period
Use this attribute to set the interval between successive attempts to request an ID.
This command is supported when following feature are enabled HAVE_AUTHD feature
Attribute Name: interval-period
Attribute Type: uint16
Attribute Range: 1-65535
Netconf edit-config payload
<authentication xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-authentication">
<dot1x-interfaces>
<dot1x-interface>
<name>WORD</name>
<config>
<name>WORD</name>
</config>
<authenticator-pae>
<config>
<interval-period>1</interval-period> <!-- operation="delete"-->
</config>
</authenticator-pae>
</dot1x-interface>
</dot1x-interfaces>
</authentication>
Command Syntax
dot1x timeout tx-period <1-65535>
Configure reauthentication period
Use this attribute to set the interval between reauthorization attempts.
This command is supported when following feature are enabled HAVE_AUTHD feature
Attribute Name: reauthentication-period
Attribute Type: uint32
Attribute Range: 1-4294967295
Netconf edit-config payload
<authentication xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-authentication">
<dot1x-interfaces>
<dot1x-interface>
<name>WORD</name>
<config>
<name>WORD</name>
</config>
<reauthentication-timer>
<config>
<reauthentication-period>1</reauthentication-period> <!-- operation="delete"-->
</config>
</reauthentication-timer>
</dot1x-interface>
</dot1x-interfaces>
</authentication>
Command Syntax
dot1x timeout re-authperiod <1-4294967295>
Configure enable reauthentication
Use this attribute to enable reauthentication on a port.
This command is supported when following feature are enabled HAVE_AUTHD feature
Attribute Name: enable-reauthentication
Attribute Type: empty
Netconf edit-config payload
<authentication xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-authentication">
<dot1x-interfaces>
<dot1x-interface>
<name>WORD</name>
<config>
<name>WORD</name>
</config>
<reauthentication-timer>
<config>
</enable-reauthentication><!-- operation="delete"-->
</config>
</reauthentication-timer>
</dot1x-interface>
</dot1x-interfaces>
</authentication>
Command Syntax
dot1x reauthentication
Configure enable mac auth bypass
Use this attribute to enable/disable mac-auth-bypass on a port.
This command is supported when following feature are enabled HAVE_AUTHD feature
Attribute Name: enable-mac-auth-bypass
Attribute Type: enum (enable|disable)
Netconf edit-config payload
<authentication xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-authentication">
<dot1x-interfaces>
<dot1x-interface>
<name>WORD</name>
<config>
<name>WORD</name>
</config>
<reauthentication-timer>
<config>
<enable-mac-auth-bypass>enable</enable-mac-auth-bypass> <!-- operation="delete"-->
</config>
</reauthentication-timer>
</dot1x-interface>
</dot1x-interfaces>
</authentication>
Command Syntax
dot1x mac-auth-bypass (enable|disable)
Configure supplicant timeout
Use this attribute to set the interval for a supplicant to respond.
This command is supported when following feature are enabled HAVE_AUTHD feature
Attribute Name: supplicant-timeout
Attribute Type: uint16
Attribute Range: 1-65535
Netconf edit-config payload
<authentication xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-authentication">
<dot1x-interfaces>
<dot1x-interface>
<name>WORD</name>
<config>
<name>WORD</name>
</config>
<authenticator-be>
<config>
<supplicant-timeout>1</supplicant-timeout> <!-- operation="delete"-->
</config>
</authenticator-be>
</dot1x-interface>
</dot1x-interfaces>
</authentication>
Command Syntax
dot1x timeout supp-timeout <1-65535>
Configure server timeout
Use this attribute to set the authentication server response timeout.
This command is supported when following feature are enabled HAVE_AUTHD feature
Attribute Name: server-timeout
Attribute Type: uint16
Attribute Range: 1-65535
Netconf edit-config payload
<authentication xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-authentication">
<dot1x-interfaces>
<dot1x-interface>
<name>WORD</name>
<config>
<name>WORD</name>
</config>
<authenticator-be>
<config>
<server-timeout>1</server-timeout> <!-- operation="delete"-->
</config>
</authenticator-be>
</dot1x-interface>
</dot1x-interfaces>
</authentication>
Command Syntax
dot1x timeout server-timeout <1-65535>
Configure mac control
Use this attribute to enable or disable the MAC authentication control on an interface.
This command is supported when following feature are enabled MAC_AUTH feature,HAVE_AUTHD feature
Attribute Name: mac-control
Attribute Type: empty
Netconf edit-config payload
<authentication xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-authentication">
<mac-interfaces>
<mac-interface>
<name>WORD</name>
<config>
<name>WORD</name>
</config>
</mac-control>
</mac-interface>
</mac-interfaces>
</authentication>
Command Syntax
auth-mac
Configure mac mode
Use this attribute to enable or disable the MAC authentication mode on an interface.
This command is supported when following feature are enabled MAC_AUTH feature,HAVE_AUTHD feature
Attribute Name: mac-mode
Attribute Type: enum (filter|shutdown)
Netconf edit-config payload
<authentication xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-authentication">
<mac-interfaces>
<mac-interface>
<name>WORD</name>
<config>
<name>WORD</name>
</config>
<mac-mode>shutdown</mac-mode> <!-- operation="delete"-->
</mac-interface>
</mac-interfaces>
</authentication>
Command Syntax
auth-mac mode (filter|shutdown)
Configure dynamic vlan creation
Use this attribute to enable or disable dynamic VLAN creation after successful MAC authentication.
This command is supported when following feature are enabled MAC_AUTH feature,HAVE_AUTHD feature
Attribute Name: dynamic-vlan-creation
Attribute Type: empty
Netconf edit-config payload
<authentication xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-authentication">
<mac-interfaces>
<mac-interface>
<name>WORD</name>
<config>
<name>WORD</name>
</config>
</dynamic-vlan-creation><!-- operation="delete"-->
</mac-interface>
</mac-interfaces>
</authentication>
Command Syntax
auth-mac dynamic-vlan-creation
Configure mac address aging
Use this attribute to either enable or disable MAC aging. When enabled, a MAC entry is added to the forwarding database, with aging time equal to the bridge aging time. Otherwise, the MAC entry will not be aged out. If MAC aging is disabled, the MAC entry will not be aged out
This command is supported when following feature are enabled MAC_AUTH feature,HAVE_AUTHD feature
Attribute Name: mac-address-aging
Attribute Type: empty
Netconf edit-config payload
<authentication xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-authentication">
<mac-interfaces>
<mac-interface>
<name>WORD</name>
<config>
<name>WORD</name>
</config>
</mac-address-aging><!-- operation="delete"-->
</mac-interface>
</mac-interfaces>
</authentication>
Command Syntax
auth-mac mac-aging
Configure options
Use this attribute to turn on or turn off 802.1x debugging at various levels.
This command is supported when following feature are enabled HAVE_AUTHD feature
Attribute Name: options
Attribute Type: bits (event|timer|packet|nsm|all)
Netconf edit-config payload
<authentication xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-authentication">
<debug>
<config>
<options>event</options> <!-- operation="delete"-->
</config>
</debug>
</authentication>
Command Syntax
debug dot1x (event|timer|packet|nsm|all)
dot1x initialize interface IFNAME
Attribute Name: name
Attribute Type: string
Attribute Range: 1-33
Netconf RPC payload
<dot1x-authentication-initialize-interface xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-authentication">
<name>IFNAME</name>
</dot1x-authentication-initialize-interface>
Command Syntax
dot1x initialize interface IFNAME
snmp restart auth
Netconf RPC payload
<dot1x-authentication-snmp-restart xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-authentication"/>
Command Syntax
snmp restart auth
debug dot1x (event|timer|packet|nsm|all)
Attribute Name: terminal-debug-options
Attribute Type: bits (event|timer|packet|nsm|all)
Netconf RPC payload
<dot1x-authentication-terminal-debug-on xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-authentication">
<terminal-debug-options>event</terminal-debug-options>
</dot1x-authentication-terminal-debug-on>
Command Syntax
debug dot1x (event|timer|packet|nsm|all)
no debug dot1x (event|timer|packet|nsm|all)
Attribute Name: terminal-debug-options
Attribute Type: bits (event|timer|packet|nsm|all)
Netconf RPC payload
<dot1x-authentication-terminal-debug-off xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-authentication">
<terminal-debug-options>event</terminal-debug-options>
</dot1x-authentication-terminal-debug-off>
Command Syntax
no debug dot1x (event|timer|packet|nsm|all)
Last modified date: 08/22/2023