Alcatel Carrier Internetworking Solutions 6600 User Manual
User Documentation Addendum
show 802.1x non-supp
Release 5.1.6.R02 User Guide Supplement
June 2005
page 1-17
->show 802.1x users
Slot MAC Port User
Port Address
State Name
-----+------------------+--------------------+-------------------------
3/1 00:60:4f:11:22:33
Connecting
user50
3/1
00:60:4f:44:55:66 Held
user51
3/1
00:60:4f:77:88:99 Authenticated
user52
3/3
00:60:22:15:22:33 Force-authenticated
N/A
3/3
00:60:22:44:75:66 Force-authenticated
N/A
3/3
00:60:22:37:98:09 Force-authenticated
N/A
Optional. To display the number of non-802.1x users learned on the switch, use the
->show 802.1x non-supp
Slot MAC Vlan
Port Address Learned
-----+-----------------+----------
3/1
00:61:4f:11:22:33 2
3/1
00:61:4f:44:55:66 2
3/1 00:61:4f:77:88:99
2
3/3 00:61:22:15:22:33
5
3/3 00:61:22:44:75:66 5
See the OmniSwitch CLI Reference Guide for information about the fields in this display.
New Section, page 21-5
The following section should be added to page 21-5:
Guest VLANs for Non-802.1x Supplicants
For those supplicants that are not 802.1x devices—do not send/receive EAP frames—an optional guest
VLAN feature is available to allow traffic from these devices on an 802.1x port. If the user-defined guest
VLAN is not available, then traffic from a non-802.1x device is dropped.
VLAN feature is available to allow traffic from these devices on an 802.1x port. If the user-defined guest
VLAN is not available, then traffic from a non-802.1x device is dropped.
The switch determines whether or not a device is an 802.1x supplicant by sending EAP-Request/Identity
frames on the 802.1x port every 0.5 seconds for a configurable number of times. If no EAP frames are
received from a device after the specified number of attempts, the device is determined to be a non-802.1x
supplicant and is learned on the guest VLAN configured for that port. If no guest VLAN is available, then
the non-802.1x supplicant is blocked from accessing the 802.1x port and no further attempts are made to
solicit EAP frames from the device.
frames on the 802.1x port every 0.5 seconds for a configurable number of times. If no EAP frames are
received from a device after the specified number of attempts, the device is determined to be a non-802.1x
supplicant and is learned on the guest VLAN configured for that port. If no guest VLAN is available, then
the non-802.1x supplicant is blocked from accessing the 802.1x port and no further attempts are made to
solicit EAP frames from the device.
Note the following when using guest VLANs:
• Non-802.1x clients learned on a guest VLAN are dropped if an 802.1x client successfully authenti-
cates on the same port. This is due to a one VLAN per port restriction (either 802.1x VLAN or guest
VLAN assignment but not both) As a result, using a hub connection to provide access for multiple
users to an 802.1x port is not recommended.
VLAN assignment but not both) As a result, using a hub connection to provide access for multiple
users to an 802.1x port is not recommended.
• 802.1x supplicants that fail authentication are not eligible for guest VLAN access. This type of VLAN
access is only for those devices identified as non-802.1x supplicants that have not made any attempt to
authenticate.
authenticate.