Table of Contents

1 802.1X Configuration Commands· 1-1

802.1X Configuration Commands· 1-1

display dot1x· 1-1

dot1x· 1-4

dot1x authentication-method· 1-5

dot1x handshake· 1-6

dot1x mandatory-domain· 1-6

dot1x max-user 1-7

dot1x multicast-trigger 1-8

dot1x port-control 1-9

dot1x port-method· 1-10

dot1x quiet-period· 1-11

dot1x re-authenticate· 1-11

dot1x retry· 1-12

dot1x supp-proxy-check· 1-13

dot1x timer 1-14

reset dot1x statistics· 1-15

 

 

802.1X Configuration Commands

display dot1x

Syntax

display dot1x [ sessions | statistics ] [ interface interface-list ]

View

Any view

Default Level

1: Monitor level

Parameters

sessions: Displays 802.1X session information.

statistics: Displays 802.1X statistics.

interface interface-list: Specifies a list of ports. The interface-list argument is in the format of interface-list = { interface-type interface-number [ to interface-type interface-number ] } & <1-10>, where interface-type represents the port type, interface-number represents the port number, and & <1-10> means that you can provide up to 10 port indexes/port index lists for this argument. The start port number must be smaller than the end port number and the two ports must be of the same type.

Description

Use the display dot1x command to display information about 802.1X.

If you specify neither the sessions keyword nor the statistics keyword, the command displays all information about 802.1X, including session information, statistics, and configurations.

Related commands: reset dot1x statistics, dot1x, dot1x retry, dot1x max-user, dot1x port-control, dot1x port-method, and dot1x timer.

Examples

# Display all information about 802.1X.

<Sysname> display dot1x

Equipment 802.1X protocol is enabled

CHAP authentication is enabled

Proxy trap checker is disabled

Proxy logoff checker is disabled

 

Configuration: Transmit Period     30 s,  Handshake Period       15 s

               Quiet Period        60 s,  Quiet Period Timer is disabled

               Supp Timeout        30 s,  Server Timeout         100 s

               Reauth Period       3600 s

               The maximal retransmitting times          3

                                                                          

The maximum 802.1X user resource number is 128 per slot

Total current used 802.1X resource number is 0

 

   802.1X protocol is enabled

   Proxy trap checker is   disabled

   Proxy logoff checker is disabled

   Handshake is enabled

   Periodic reauthentication is disabled

   The port is an authenticator

   Authentication Mode is Auto

   Port Control Type is Mac-based

   802.1X Multicast-trigger is enabled

   Mandatory authentication domain: NOT configured

   Guest VLAN: NOT configured

   Auth-Fail VLAN: NOT configured

   Max number of on-line users is 128

 

   EAPOL Packet: Tx 188, Rx 55

   Sent EAP Request/Identity Packets : 129

        EAP Request/Challenge Packets: 14

        EAP Success Packets: 2, Fail Packets: 37

   Received EAPOL Start Packets : 10

            EAPOL LogOff Packets: 3

            EAP Response/Identity Packets : 21

            EAP Response/Challenge Packets: 20

            Error Packets: 0

 1. Unauthenticated user : MAC address: 000e-35b2-8be9

 

   Controlled User(s) amount to 1  

Table 1-1 display dot1x command output description

Field	Description
Equipment 802.1X protocol is enabled	Indicates whether 802.1X is enabled globally
CHAP authentication is enabled	Indicates whether CHAP authentication is enabled
Proxy trap checker is disabled	Indicates whether the AP is configured to send a trap packet when detecting that a user is trying to log on through a proxy
Proxy logoff checker is disabled	Indicates whether the AP is configured to log off users when they are trying to log on through a proxy
Transmit Period	Setting of the username request timeout timer
Handshake Period	Setting of the handshake timer
Reauth Period	Setting of the periodic re-authentication timer
Quiet Period	Setting of the quiet timer
Quiet Period Timer is disabled	Indicates whether the quiet timer is enabled
Supp Timeout	Setting of the client timeout timer
Server Timeout	Setting of the server timeout timer
The maximal retransmitting times	Maximum number of attempts for the AP to send authentication requests to the client
The maximum 802.1X user resource number per slot	Maximum number of clients supported per board
Total current used 802.1X resource number	Total number of online users
WLAN-BSS1 is link-up	Status of WLAN-BSS interface 1
802.1X protocol is disabled	Indicates whether 802.1X is enabled on the port
Proxy trap checker is disabled	Indicates whether the port is configured to send a trap packet when detecting that a user is trying to log on through a proxy
Proxy logoff checker is disabled	Indicates whether the port is configured to log off users when they are trying to log on through a proxy
Handshake is disabled	Indicates whether handshake is enabled  on the port
Periodic reauthentication is disabled	Indicates whether periodic re-authentication is enabled on the port
The port is an authenticator	Role of the port
Authenticate Mode is Auto	Access control mode for the port
802.1X Multicast-trigger is enabled	Indicates whether the 802.1X multicast-trigger function is enabled
Mandatory authentication domain	Mandatory authentication domain for users accessing the port
Port Control Type is Mac-based	Access control method for the port
Max number of on-line user	Maximum number of users supported on the port
EAPOL Packet	Counts of EAPOL packets sent (Tx) and received (Rx)
Sent EAP Request/Identity Packets	Number of EAP Request/Identity packets sent
EAP Request/Challenge Packets	Number of EAP Request/Challenge packets sent
EAP Success Packets	Number of EAP Success packets sent
Received EAPOL Start Packets	Number of EAPOL Start packets received
EAPOL LogOff Packets	Number of EAPOL LogOff packets received
EAP Response/Identity Packets	Number of EAP Response/Identity packets received
EAP Response/Challenge Packets	Number of EAP Response/Challenge packets received
Error Packets	Number of erroneous packets received
Authenticated user	User that has passed the authentication
Controlled User(s) amount	Number of controlled users on the port

 

dot1x

Syntax

In system view:

dot1x [ interface interface-list ]

undo dot1x [ interface interface-list ]

In interface view:

dot1x

undo dot1x

View

System view, Ethernet interface view

Default Level

2: System level

Parameters

interface interface-list: Specifies a port list, which can contain multiple ports. The interface-list argument is in the format of interface-list = { interface-type interface-number [ to interface-type interface-number ] } & <1-10>, where interface-type represents the port type, interface-number represents the port number, and & <1-10> means that you can provide up to 10 port indexes/port index lists for this argument. The start port number must be smaller than the end number and the two ports must be of the same type.

Description

Use the dot1x command in system view to enable 802.1X globally.

Use the undo dot1x command in system view to disable 802.1X globally.

Use the dot1x interface interface-list command in system view or the dot1x command in interface view to enable 802.1X for specified ports.

Use the undo dot1x interface interface-list command in system view or the undo dot1x command in interface view to disable 802.1X for specified ports.

By default, 802.1X is neither enabled globally nor enabled for any port.

Currently, you can configure 802.1X on wired Ethernet interfaces.

802.1X must be enabled both globally in system view and for the intended ports in system view or interface view. Otherwise, it does not function.

You can configure 802.1X parameters either before or after enabling 802.1X. Default values will be adopted for parameters not configured before you enable 802.1X globally.

Related commands: display dot1x.

Examples

# Enable 802.1X for ports WLAN-BSS 1 and WLAN-BSS 2.

<Sysname> system-view

[Sysname] dot1x interface WLAN-BSS 1 to WLAN-BSS 2

# Or

<Sysname> system-view

[Sysname] interface WLAN-BSS 1

[Sysname-WLAN-BSS1] dot1x

[Sysname-WLAN-BSS1] quit

[Sysname] interface WLAN-BSS 2

[Sysname-WLAN-BSS2] dot1x

[Sysname-WLAN-BSS2] quit

# Enable 802.1X globally.

<Sysname> system-view

[Sysname] dot1x

dot1x authentication-method

Syntax

dot1x authentication-method { chap | eap | pap }

undo dot1x authentication-method

View

System view

Default Level

2: System level

Parameters

chap: Authenticates clients using CHAP.

eap: Authenticates clients using EAP.

pap: Authenticates clients using PAP.

Description

Use the dot1x authentication-method command to set the 802.1X authentication method.

Use the undo dot1x authentication-method command to restore the default.

By default, CHAP is used.

The password authentication protocol (PAP) transports passwords in clear text.

The challenge handshake authentication protocol (CHAP) transports only usernames over the network. Compared with PAP, CHAP provides better security.

With EAP relay authentication, the AP encapsulates 802.1X user information in the EAP attributes of RADIUS packets and sends the packets to the RADIUS server for authentication; it does not need to repackage the EAP packets into standard RADIUS packets for authentication. In this case, you can configure the user-name-format command but it does not take effect. For more information about the user-name-format command, see AAA in the Security Command Reference.

Local authentication supports only PAP and CHAP.

For RADIUS authentication, the RADIUS server must be configured accordingly to support PAP, CHAP, or EAP authentication.

Related commands: display dot1x.

Examples

# Set the 802.1X authentication method to PAP.

<Sysname> system-view

[Sysname] dot1x authentication-method pap

dot1x handshake

Syntax

dot1x handshake

undo dot1x handshake

View

Ethernet interface view, WLAN-BSS interface view

Default Level

2: System level

Parameters

None

Description

Use the dot1x handshake command to enable the online user handshake function so that the AP can periodically send handshake messages to the client to check whether a user is online.

Use the undo dot1x handshake command to disable the function.

By default, the function is enabled.

The 802.1X proxy detection function depends on the online user handshake function. Be sure to enable handshake before enabling proxy detection and to disable proxy detection before disabling handshake.

Examples

# Enable online user handshake.

<Sysname> system-view

[Sysname] interface WLAN-BSS 1

[Sysname-WLAN-BSS1] dot1x handshake

dot1x mandatory-domain

Syntax

dot1x mandatory-domain domain-name

undo dot1x mandatory-domain

View

Ethernet interface view, WLAN-BSS interface view

Default Level

2: System level

Parameters

domain-name: ISP domain name, a case-insensitive string of 1 to 24 characters.

Description

Use the dot1x mandatory-domain command to specify the mandatory authentication domain for users accessing the port.

Use the undo dot1x mandatory-domain command to remove the mandatory authentication domain.

By default, no mandatory authentication domain is specified.

When authenticating an 802.1X user trying to access the port, the system selects an authentication domain in the following order: the mandatory domain, the ISP domain specified in the username, and the default ISP domain.

The specified mandatory authentication domain must exist.

On a port configured with a mandatory authentication domain, the user domain name displayed by the display connection command is the name of the mandatory authentication domain. For more information about the display connection command, see AAA in the Security Command Reference.

Related commands: display dot1x.

Examples

# Configure the mandatory authentication domain my-domain for 802.1X users on port WLAN-BSS 1.

<Sysname> system-view

[Sysname] interface WLAN-BSS 1

[Sysname-WLAN-BSS1] dot1x mandatory-domain my-domain

After 802.1X user usera passes the authentication, execute the display connection command to display the user connection information on port WLAN-BSS 1. For more information about the command, see AAA in the Security Command Reference.

[Sysname-WLAN-BSS1] display connection interface WLAN-BSS 1

 

Index=68  ,Username=usera@my-domian

MAC=0015-e9a6-7cfe   ,IP=3.3.3.3

 Total 1 connection(s) matched.

dot1x max-user

Syntax

In system view:

dot1x max-user user-number [ interface interface-list ]

undo dot1x max-user [ interface interface-list ]

In interface view:

dot1x max-user user-number

undo dot1x max-user

View

System view, Ethernet interface view, WLAN-BSS interface view

Default Level

2: System level

Parameters

user-number: Maximum number of users to be supported simultaneously. The value ranges from 1 to 128 and defaults to 128.

interface interface-list: Specifies a port list, which can contain multiple ports. The interface-list argument is in the format of interface-list = { interface-type interface-number [ to interface-type interface-number ] } & <1-10>, where interface-type represents the port type, interface-number represents the port number, and & <1-10> means that you can provide up to 10 port indexes/port index lists for this argument. The start port number must be smaller than the end number and the two ports must be of the same type.

Description

Use the dot1x max-user command to set the maximum number of users to be supported simultaneously for specified or all ports.

Use the undo dot1x max-user command to restore the default.

With no interface specified, the command sets the threshold for all ports.

Related commands: display dot1x.

Examples

# Set the maximum number of users for port WLAN-BSS 1 to support simultaneously as 32.

<Sysname> system-view

[Sysname] dot1x max-user 32 interface WLAN-BSS 1

# Or

<Sysname> system-view

[Sysname] interface WLAN-BSS 1

[Sysname-WLAN-BSS1] dot1x max-user 32

dot1x multicast-trigger

Syntax

dot1x multicast-trigger

undo dot1x multicast-trigger

View

Ethernet interface view, WLAN-BSS interface view

Default Level

2: System level

Parameters

None

Description

Use the dot1x multicast-trigger command to enable the multicast trigger function of 802.1X to send multicast trigger messages to the clients periodically.

Use the undo dot1x multicast-trigger command to disable this function.

By default, the multicast trigger function is enabled.

Related commands: display dot1x.

Examples

# Disable the multicast trigger function for port WLAN-BSS 1.

<Sysname> system-view

[Sysname] interface WLAN-BSS 1

[Sysname-WLAN-BSS1] undo dot1x multicast-trigger

dot1x port-control

Syntax

In system view:

dot1x port-control { authorized-force | auto | unauthorized-force } [ interface interface-list ]

undo dot1x port-control [ interface interface-list ]

In interface view:

dot1x port-control { authorized-force | auto | unauthorized-force }

undo dot1x port-control

View

System view, Ethernet interface view, WLAN-BSS interface view

Default Level

2: System level

Parameters

authorized-force: Places the specified or all ports in the authorized state, allowing users of the ports to access the network without authentication.

auto: Places the specified or all ports in the unauthorized state initially to allow only EAPOL frames to pass, and turns the ports into the authorized state to allow access to the network after the users pass authentication. This is the most common choice.

unauthorized-force: Places the specified or all ports in the unauthorized state, denying any access requests from users of the ports.

interface interface-list: Specifies an Ethernet port list, which can contain multiple Ethernet ports. The interface-list argument is in the format of interface-list = { interface-type interface-number [ to interface-type interface-number ] } & <1-10>, where interface-type represents the port type, interface-number represents the port number, and & <1-10> means that you can provide up to 10 port indexes/port index lists for this argument. The start port number must be smaller than the end number and the two ports must be of the same type.

Description

Use the dot1x port-control command to set the access control mode for specified or all ports.

Use the undo dot1x port-control command to restore the default.

The default access control mode is auto.

Related commands: display dot1x.

Examples

# Set the access control mode of port WLAN-BSS 1 to unauthorized-force.

<Sysname> system-view

[Sysname] dot1x port-control unauthorized-force interface WLAN-BSS 1

Or

<Sysname> system-view

[Sysname] interface WLAN-BSS 1

[Sysname-WLAN-BSS1] dot1x port-control unauthorized-force

dot1x port-method

Syntax

In system view:

dot1x port-method { macbased | portbased } [ interface interface-list ]

undo dot1x port-method [ interface interface-list ]

In interface view:

dot1x port-method { macbased | portbased }

undo dot1x port-method

View

System view, Ethernet interface view, WLAN-BSS interface view

Default Level

2: System level

Parameters

macbased: Specifies to use the macbased authentication method. With this method, each user of a port must be authenticated separately, and when an authenticated user goes offline, no other users are affected.

portbased: Specifies to use the portbased authentication method. With this method, after the first user of a port passes authentication, all other users of the port can access the network without authentication, and when the first user goes offline, all other users get offline at the same time.

interface interface-list: Specifies a port list, which can contain multiple ports. The interface-list argument is in the format of interface-list = { interface-type interface-number [ to interface-type interface-number ] } & <1-10>, where interface-type represents the port type, interface-number represents the port number, and & <1-10> means that you can provide up to 10 port indexes/port index lists for this argument. The start port number must be smaller than the end number and the two ports must be of the same type.

Description

Use the dot1x port-method command to set the access control method for specified or all ports.

Use the undo dot1x port-method command to restore the default.

The default access control method is macbased.

Related commands: display dot1x.

Examples

# Set the access control method to portbased for port WLAN-BSS 1.

<Sysname> system-view

[Sysname] dot1x port-method portbased interface WLAN-BSS 1

Or

<Sysname> system-view

[Sysname] interface WLAN-BSS 1

[Sysname-WLAN-BSS1] dot1x port-method portbased

dot1x quiet-period

Syntax

dot1x quiet-period

undo dot1x quiet-period

View

System view

Default Level

2: System level

Parameters

None

Description

Use the dot1x quiet-period command to enable the quiet timer function.

Use the undo dot1x quiet-period command to disable the function.

By default, the function is disabled.

After a client fails the authentication, the AP refuses further authentication requests from the client in the period dictated by the quiet timer.

Related commands: display dot1x and dot1x timer.

Examples

# Enable the quiet timer.

<Sysname> system-view

[Sysname] dot1x quiet-period

dot1x re-authenticate

Syntax

dot1x re-authenticate

undo dot1x re-authenticate

View

Ethernet interface view, WLAN-BSS interface view

Default Level

2: System level

Parameters

None

Description

Use the dot1x re-authenticate command to enable the periodic re-authentication function.

Use the undo dot1x re-authenticate command to restore the default.

By default, this function is disabled.

After periodic re-authentication is enabled on a port, the AP will perform 802.1X authentication for online users on the port at the interval specified by the periodic re-authentication timer (which is configured by the dot1x timer reauth-period command). This is intended to track the connection status of online users and update the authorization attributes assigned by the server, such as the ACL, VLAN, and QoS Profile, ensuring that the users are in normal online state.

Related commands: dot1x timer reauth-period.

Examples

# Enable the 802.1X re-authentication function on port WLAN-BSS 1 and configure the periodic re-authentication interval as 1800 seconds.

<Sysname> system-view

[Sysname] dot1x timer reauth-period 1800

[Sysname] interface WLAN-BSS 1

[Sysname-WLAN-BSS1] dot1x re-authenticate

dot1x retry

Syntax

dot1x retry max-retry-value

undo dot1x retry

View

System view

Default Level

2: System level

Parameters

max-retry-value: Maximum number of attempts to send an authentication request to a client, in the range 1 to 10.

Description

Use the dot1x retry command to set the maximum number of attempts to send an authentication request to a client.

Use the undo dot1x retry command to restore the default.

By default, the AP can send an authentication request to a client twice at most.

After sending an authentication request to a client, the AP may retransmit the request if it does not receive any response at an interval specified by the username request timeout timer or client timeout timer. The number of retransmission attempts is one less than the value set by this command.

Related commands: display dot1x.

Examples

# Set the maximum number of attempts to send an authentication request to a client as 9.

<Sysname> system-view

[Sysname] dot1x retry 9

dot1x supp-proxy-check

Syntax

In system view:

dot1x supp-proxy-check { logoff | trap } [ interface interface-list ]

undo dot1x supp-proxy-check { logoff | trap } [ interface interface-list ]

In interface view:

dot1x supp-proxy-check { logoff | trap }

undo dot1x supp-proxy-check { logoff | trap }

View

System view, Ethernet interface view, WLAN-BSS interface view

Default Level

2: System level

Parameters

logoff: Gets offline any user trying to log in through a proxy.

trap: Sends a trap to the network management system when detecting that a user is trying to log in through a proxy.

interface interface-list: Specifies a port list, which can contain multiple ports. The interface-list argument is in the format of interface-list = { interface-type interface-number [ to interface-type interface-number ] } & <1-10>, where interface-type represents the port type, interface-number represents the port number, and & <1-10> means that you can provide up to 10 port indexes/port index lists for this argument. The start port number must be smaller than the end number and the two ports must be of the same type.

Description

Use the dot1x supp-proxy-check command to enable detection and control of users logging in through proxies for specified or all ports.

Use the undo dot1x supp-proxy-check command to disable the function for specified or all ports.

By default, the function is disabled, that is, the AP does not detect or control users logging in through proxies.

This function requires the cooperation of the 802.1X client program by H3C.

In system view, this command enables detection and control of users’ login for all ports with interface-list not provided, and enables detection and control of users’ login for specified ports with interface-list provided.

In interface view, you cannot specify the interface-list argument and can only enable detection and control of users’ login for the current port.

This function must be enabled both globally in system view and for the intended ports in system view or interface view. Otherwise, it does not work.

Related commands: display dot1x.

Examples

# Specify ports WLAN-BSS 1 to WLAN-BSS 2 to get users offline when they are trying to log in through proxies.

<Sysname> system-view

[Sysname] dot1x supp-proxy-check logoff

[Sysname] dot1x supp-proxy-check logoff interface WLAN-BSS 1 to WLAN-BSS 2

# Specify port WLAN-BSS 1 to send a trap packet when detecting that a user is trying to log in through a proxy.

<Sysname> system-view

[Sysname] dot1x supp-proxy-check trap

[Sysname] dot1x supp-proxy-check trap interface WLAN-BSS 1

Or

<Sysname> system-view

[Sysname] dot1x supp-proxy-check trap

[Sysname] interface WLAN-BSS 1

[Sysname-WLAN-BSS1] dot1x supp-proxy-check trap

dot1x timer

Syntax

dot1x timer { handshake-period handshake-period-value | quiet-period quiet-period-value | reauth-period reauth-period-value | server-timeout server-timeout-value | supp-timeout supp-timeout-value | tx-period tx-period-value }

undo dot1x timer { handshake-period | quiet-period | reauth-period | server-timeout | supp-timeout | tx-period }

View

System view

Default Level

2: System level

Parameters

handshake-period-value: Setting for the handshake timer in seconds. It ranges from 5 to 1024 and defaults to 15.

quiet-period-value: Setting for the quiet timer in seconds. It ranges from 10 to 120 and defaults to 60.

reauth-period-value: Setting for the periodic re-authentication timer in seconds. It ranges from 60 to 7200 and defaults to 3600.

server-timeout-value: Setting for the server timeout timer in seconds. It ranges from 100 to 300 and defaults to 100.

supp-timeout-value: Setting for the supplicant (client) timeout timer in seconds. It ranges from 1 to 120 and defaults to 30.

tx-period-value: Setting for the username request timeout timer in seconds. It ranges from 10 to 120 and defaults to 30.

Description

Use the dot1x timer command to set 802.1X timers.

Use the undo dot1x timer command to restore the defaults.

Several timers are used in the 802.1X authentication process to guarantee that the clients, the AP, and the RADIUS server interact with each other in a reasonable manner. You can use this command to set these timers:

l          Handshake timer (handshake-period): After a client passes authentication, the AP sends to the client handshake requests at this interval to check whether the client is online. If the AP receives no response after sending the allowed maximum number of handshake requests, it considers that the client is offline.

l          Quiet timer (quiet-period): When a client fails the authentication, the AP refuses further authentication requests from the client in this period of time.

l          Periodic re-authentication timer (reauth-period): If you enable periodic re-authentication on a port (with the dot1x re-authenticate command), the AP will re-authenticate online users on the port at the interval specified by this timer. If you change the re-authentication interval when there are users online, the AP will continue to re-authenticate such users according to the original re-authentication interval setting for one time. Then the AP will use the new interval for re-authentication of all online users.

l          Server timeout timer (server-timeout): Once an AP sends a RADIUS Access-Request packet to the authentication server, it starts this timer. If this timer expires but it receives no response from the server, it retransmits the request.

l          Supplicant timeout timer (supp-timeout): Once an AP sends an EAP-Request/MD5 Challenge frame to a client, it starts this timer. If this timer expires but it receives no response from the client, it retransmits the request.

l          Username request timeout timer (tx-period): Once an AP sends an EAP-Request/Identity frame to a client, it starts this timer. If this timer expires but it receives no response from the client, it retransmits the request. In addition, to be compatible with clients that do not send EAPOL-Start requests unsolicitedly, the AP multicasts EAP-Request/Identity frame periodically to detect the clients, with the multicast interval defined by tx-period.

Generally, it is unnecessary to change the timers unless in some special or extreme network environments. The modified timers take effect immediately after the modification.

Related commands: display dot1x.

Examples

# Set the server timeout timer to 150 seconds.

<Sysname> system-view

[Sysname] dot1x timer server-timeout 150

reset dot1x statistics

Syntax

reset dot1x statistics [ interface interface-list ]

View

User view

Default Level

2: System level

Parameters

interface interface-list: Specifies a list of ports. The interface-list argument is in the format of interface-list = { interface-type interface-number [ to interface-type interface-number ] } & <1-10>, where interface-type represents the port type, interface-number represents the port number, and & <1-10> means that you can provide up to 10 port indexes/port index lists for this argument. The start port number must be smaller than the end port number and the two ports must be of the same type.

Description

Use the reset dot1x statistics command to clear 802.1X statistics.

With the interface interface-list argument specified, the command clears 802.1X statistics on the specified ports. With the argument unspecified, the command clears global 802.1X statistics and 802.1X statistics on all ports.

Related commands: display dot1x.

Examples

# Clear 802.1X statistics on port WLAN-BSS 1.

<Sysname> reset dot1x statistics interface WLAN-BSS 1