Alcatel-Lucent 6850-48 Guida Di Rete
Configuring Access Guardian
Setting Up Port-Based Network Access Control
OmniSwitch AOS Release 6 Network Configuration Guide
September 2009
page 34-21
Setting Up Port-Based Network Access Control
For port-based network access control, 802.1X must be enabled for the switch and the switch must know
which servers to use for authenticating 802.1X supplicants and non-supplicants.
which servers to use for authenticating 802.1X supplicants and non-supplicants.
In addition, 802.1X must be enabled on each port that is connected to a n 802.1X supplicant (or device).
Optional parameters may be set for each 802.1X port.
Optional parameters may be set for each 802.1X port.
The following sections describe these procedures in detail.
Setting 802.1X Switch Parameters
Use the
command to enable 802.1X for the switch and specify an authentica-
tion server (or servers) to be used for authenticating 802.1X ports. The servers must already be configured
through the
through the
ing all 802.1X ports on the switch:
-> aaa authentication 802.1x rad1 rad2
In this example, the rad1 server will be used for authenticating 802.1X ports. If rad1 becomes unavail-
able, the switch will use rad2 for 802.1X authentication. When this command is used, 802.1X is automati-
cally enabled for the switch.
able, the switch will use rad2 for 802.1X authentication. When this command is used, 802.1X is automati-
cally enabled for the switch.
If the Radius servers are not reachable a default policy can be configured, all users attempting to authenti-
cate will be assigned to the configured policy as shown below:
cate will be assigned to the configured policy as shown below:
-> 802.1x auth-server-down enable
-> 802.1x auth-server-down policy user-network-profile
-> 802.1x auth-server-down policy user-network-profile
For more information on configuring policies see
and the
command.
Enabling MAC Authentication
Use the
command to enable MAC authentication for the switch and specify an
authentication server (or servers) to be used for authenticating non-supplicants on 802.1x ports. As with
enabling 802.1x authentication, the servers specified with this command must already be configured
through the
enabling 802.1x authentication, the servers specified with this command must already be configured
through the
The following example command specifies authentication servers for authenticating non-supplicant
devices on 802.1x ports:
devices on 802.1x ports:
-> aaa authentication mac rad1 rad2
Note that the same RADIUS servers can be used for 802.1x (supplicant) and MAC (non-supplicant)
authentication. Using different servers for each type of authentication is allowed but not required.
authentication. Using different servers for each type of authentication is allowed but not required.
For more information about using MAC authentication and classifying non-supplicant devices, see
.
Enabling 802.1X on Ports
To enable 802.1X on a port, use the
mobile port.