Alcatel-Lucent 6850-48 Reference Guide
802.1X Commands
page 59-12
OmniSwitch CLI Reference Guide
September 2009
802.1x non-supplicant policy authentication
Configures a non-supplicant device classification policy for an 802.1x port. This type of policy uses MAC
authentication via a remote RADIUS server. A non-supplicant is a device that does not support using the
802.1x protocol for authentication.
authentication via a remote RADIUS server. A non-supplicant is a device that does not support using the
802.1x protocol for authentication.
802.1x slot/port non-supplicant policy authentication [[pass] {group-mobility | user-network-profile
profile_name | vlan vid | default-vlan | block | captive-portal}] [[fail] {group-mobility | user-network-
profile profile_name | vlan vid | default-vlan | block | captive-portal}]
profile_name | vlan vid | default-vlan | block | captive-portal}] [[fail] {group-mobility | user-network-
profile profile_name | vlan vid | default-vlan | block | captive-portal}]
Syntax Definitions
slot/port
The slot and port number of the 802.1x port.
pass
Indicates which policies to apply if MAC authentication is successful
but does not return a VLAN ID or the VLAN ID returned does not exist.
but does not return a VLAN ID or the VLAN ID returned does not exist.
fail
Indicates which policies to apply if MAC authentication fails.
group-mobility
Use Group Mobility rules for device classification.
profile_name
The name of an existing User Network Profile (UNP) to use for device
classification.
classification.
vlan vid
Use this VLAN ID number for device classification.
default-vlan
Assigns supplicant to the default VLAN for the 802.1x port.
block
Blocks supplicant traffic on the 802.1x port.
captive-portal
Use Captive Portal for web-based device classification.
Defaults
When 802.1x is enabled on the port, all non-supplicant traffic is blocked by default.
Platforms Supported
OmniSwitch 6400, 6800, 6850, 6855, 9000, 9000E
Usage Guidelines
• Non-supplicant device classification policies are applied only when successful MAC authentication
does not return a VLAN ID, returns a VLAN ID that does not exist, or MAC authentication fails.
• When MAC authentication does return a VLAN ID that exists in the switch configuration, the suppli-
cant is assigned to that VLAN and no further classification is performed.
• When multiple parameters are configured, the policy is referred to as a compound non-supplicant
policy. Such policies use the pass and fail parameters to specify which policies to use when MAC
authentication is successful and which to use when it fails.
authentication is successful and which to use when it fails.
• The pass keyword is implied and therefore an optional keyword. If the fail keyword is not used, the
default action is to block the device when authentication fails.