Alcatel-Lucent 6850-48 Reference Guide

802.1X Commands
page 59-10
OmniSwitch CLI Reference Guide
September 2009
• When authentication does return a VLAN ID that exists in the switch configuration, the supplicant is 
assigned to that VLAN and no further classification is performed. 
• If this command is used without specifying any of the optional policy keywords or a pass/fail
parameter (e.g. 802.1x 1/10 supplicant authentication), the resulting policy will block supplicants if
successful 802.1x authentication does not return a VLAN ID, returns a VLAN ID that does not exist, or
authentication fails.
• When multiple parameters are configured, the policy is referred to as a compound supplicant policy.
Such policies use the pass and fail parameters to specify which policies to use when 802.1x
authentication is successful and which to use when it fails.
• The pass keyword is implied and therefore an optional keyword. If the fail keyword is not used, the 
default action is to block the device when authentication fails.
• The order in which parameters are specified determines the order in which they are applied. However,
this type of policy must end with either the default-vlan, block, or captive-portal parameters, referred
to as terminal parameters (or policies). This applies to both pass and fail policies. If a terminal
parameter is not specified, the block parameter is used by default.
• If the captive-portal parameter is specified with this command, then the Captive Portal authentication 
policy is applied to supplicant traffic. See the 
 command 
page for more information.
• A User Network Profile (UNP) specifies a VLAN assignment for the device, whether or not Host 
Integrity Check (HIC) is required for the device, and if any QoS access control list (ACL) policies are 
applied to the device. See the 
 command page for information about how to 
create a UNP.
• Configuring supplicant classification policies is only supported on 802.1x enabled mobile ports.
• Each 802.1x port can have one supplicant policy and one non-supplicant policy for handling 802.1x
and non-802.1x devices, respectively. Configuring a new supplicant or non-supplicant policy
overwrites any policies that may already exist for the port.
Examples
-> 802.1x 3/1 supplicant policy authentication
-> 802.1x 4/1 supplicant policy authentication vlan 27 default-vlan
-> 802.1x 5/1 supplicant policy authentication group-mobility captive-portal
-> 802.1x 5/10 supplicant policy authentication pass group-mobility default-vlan fail vlan 43 block
-> 802.1x 6/1 supplicant policy authentication pass group-mobility default-vlan fail captive-portal
-> 802.1x 4/10 supplicant policy authentication pass user-network-profile fail captive-portal
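The defaults described in the usage guidelines above (implied pass, block when fail is omitted, block appended when no terminal parameter is given) can be made explicit when auditing a configuration. The following is an added example, not part of the OmniSwitch guide or any Alcatel-Lucent code; the function names are hypothetical, and it accepts only the keyword forms shown in the Examples on this page.

```python
import re

TERMINAL = {"default-vlan", "block", "captive-portal"}  # terminal parameters named on the page
KEYWORDS = TERMINAL | {"group-mobility", "vlan", "user-network-profile"}

def _chain(tokens):
    """Turn one pass or fail token list into the ordered list of policies applied."""
    steps, i = [], 0
    while i < len(tokens):
        tok = tokens[i]
        if tok not in KEYWORDS:
            raise ValueError(f"unknown policy keyword: {tok}")
        if tok == "vlan":  # 'vlan' carries a VLAN ID, e.g. 'vlan 43'
            if i + 1 >= len(tokens) or not tokens[i + 1].isdigit():
                raise ValueError("vlan needs a numeric ID")
            tok, i = f"vlan {tokens[i + 1]}", i + 1
        steps.append(tok)
        i += 1
    # No terminal parameter (or no parameters at all): block is used by default.
    if not steps or steps[-1] not in TERMINAL:
        steps.append("block")
    return steps

def effective_policy(command):
    """Return (port, pass_chain, fail_chain). The pass chain is what applies when
    authentication succeeds but does not return a VLAN ID that exists on the switch."""
    m = re.fullmatch(
        r"(?:->\s*)?802\.1x\s+(\d+/\d+)\s+supplicant\s+policy\s+authentication(?:\s+(.*))?",
        " ".join(command.split()))  # collapse wrapped lines and repeated spaces
    if not m:
        raise ValueError("not a supplicant policy command")
    port, rest = m.group(1), (m.group(2) or "").split()
    if rest and rest[0] == "pass":  # 'pass' is implied, so it is optional
        rest = rest[1:]
    if "fail" in rest:
        cut = rest.index("fail")
        pass_tokens, fail_tokens = rest[:cut], rest[cut + 1:]
    else:
        pass_tokens, fail_tokens = rest, []  # no 'fail' keyword: failed devices are blocked
    return port, _chain(pass_tokens), _chain(fail_tokens)

if __name__ == "__main__":
    for cmd in (  # commands taken from the Examples on this page
        "-> 802.1x 3/1 supplicant policy authentication",
        "-> 802.1x 5/10 supplicant policy authentication pass group-mobility default-vlan fail vlan 43 block",
        "-> 802.1x 4/10 supplicant policy authentication pass user-network-profile fail captive-portal",
    ):
        print(effective_policy(cmd))
```

Ports whose fail chain ends in anything other than block are the ones where a device that fails 802.1x authentication still gets some form of network access, so they are worth reviewing first.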
Release History
Release 6.1.2; command was introduced.
Release 6.3.4; user-network-profile, captive-portal parameters added.