Nortel 2526T Guía Del Usuario
EAPOL Security Configuration
23
or failure of the authentication to change the operational state of the
controlled port. PAE functions are then available for each port to forward,
or else the controlled port state depends upon the operational traffic
control field in the EAPoL configuration screen. Operational traffic can
be of two types:
controlled port. PAE functions are then available for each port to forward,
or else the controlled port state depends upon the operational traffic
control field in the EAPoL configuration screen. Operational traffic can
be of two types:
•
Incoming and Outgoing- In regards to an unauthorized controlled port,
the frames received and transmitted are discarded, and state of the
port is blocked.
the frames received and transmitted are discarded, and state of the
port is blocked.
•
Incoming- Although the frames received for an unauthorized port are
discarded, the transmit frames are forwarded through the port.
discarded, the transmit frames are forwarded through the port.
EAPoL with Guest VLAN
Basic EAP (802.1x) Authentication supports Port Based User Access. At
any time, only one user (MAC) can be authenticated on a port, and the port
can be assigned to only one Port-based VLAN. Only the MAC address of
the device/user that completed the EAP negotiations on the port has access
to that port for traffic. Any tagging of ingress packets are to the PVID of that
port. This remains the default configuration.
any time, only one user (MAC) can be authenticated on a port, and the port
can be assigned to only one Port-based VLAN. Only the MAC address of
the device/user that completed the EAP negotiations on the port has access
to that port for traffic. Any tagging of ingress packets are to the PVID of that
port. This remains the default configuration.
With Software Release 4.1, EAP also allows Guest VLANs to be configured
for access to that port. Any active VLAN can be made a Guest VLAN.
for access to that port. Any active VLAN can be made a Guest VLAN.
EAPOL Security Configuration
EAPOL security lets you selectively limit access to the switch based on an
authentication mechanism that uses Extensible Authentication Protocol
(EAP) to exchange authentication information between the switch and an
authentication server.
authentication mechanism that uses Extensible Authentication Protocol
(EAP) to exchange authentication information between the switch and an
authentication server.
ATTENTION
Before you enable EAPOL, you must configure your Primary RADIUS Server
and RADIUS Shared Secret.
You also need to set up specific user accounts on your RADIUS server:
and RADIUS Shared Secret.
You also need to set up specific user accounts on your RADIUS server:
•
User names
•
Passwords
•
VLAN IDs
•
Port priority
You can set up these parameters directly on your RADIUS server. For
detailed instructions about configuring your RADIUS server, see your
RADIUS server documentation.
detailed instructions about configuring your RADIUS server, see your
RADIUS server documentation.
Nortel Ethernet Routing Switch 2500 Series
Security — Configuration and Management
NN47215-505 (323165-B)
02.01
Standard
4.1
19 November 2007
Copyright © 2007, Nortel Networks
.