Alcatel-Lucent ls 6248 User Guide
802.1X Port-Based Authentication
155
3
administrator can use Guest VLANs to deny network access via port-based
authentication, but grant Internet access to unauthorized users.
authentication, but grant Internet access to unauthorized users.
• Unauthenticated VLANS — Are available to users, even if the ports attached to
the VLAN are defined as unauthorized.
When configuring port based authentication, ensure the following:
• The switch must have an IP address assigned.
• The switch must have an IP address assigned.
• RADIUS authentication must be enabled on the switch and the IP address of the
RADIUS server specified.
• Each switch port must be set to dot1x “Auto” mode.
• Each client that needs to be authenticated must have dot1x client software
installed and properly configured.
• The RADIUS server and 802.1x client support EAP. (The switch only supports
EAPOL in order to pass the EAP packets from the server to the client.)
• The RADIUS server and client also have to support the same EAP authentication
type – MD5. (Some clients have native support in Windows, otherwise the dot1x
client must support it.)
client must support it.)
Defining Network Authentication Properties
The System Information Page allows network managers to configure network
authentication parameters. In addition, Guest VLANs are enabled from the System
Information Page.
authentication parameters. In addition, Guest VLANs are enabled from the System
Information Page.
Command Attributes
• Port-based Authentication — Enables port-based authentication on the device.
The possible field values are:
• Enable — Enables port-based authentication on the device.
• Disable — Disables port-based authentication on the device.
• Authentication Method — Specifies the authentication method used. The
possible field values are:
• None — No authentication method is used to authenticate the port.
• RADIUS — Port authentication is performed via RADIUS server.
• RADIUS, None — Port authentication is performed first via the RADIUS server.
If no response is received from RADIUS (for example, if the server is down), then the
None option is used
None option is used
, and the session is permitted.
• Guest VLAN — Specifies whether the Guest VLAN is enabled on the device. The
possible field values are:
• Enable — Enables use of a Guest VLAN for unauthorized ports. If a Guest
VLAN is enabled, the unauthorized port automatically joins the VLAN selected
in the VLAN List field.
in the VLAN List field.
• Disable —
Disables use of a Guest VLAN for unauthorized ports
. This is the
default.
• Guest VLAN ID — Contains a list of VLANs. The Guest VLAN is selected from the
VLAN list.