Alcatel-Lucent 6850-48 Guida Di Riferimento
802.1X Commands
OmniSwitch CLI Reference Guide
September 2009
page 59-19
802.1x captive-portal policy authentication
Configures a Captive Portal device classification policy for an 802.1x port. This type of policy is applied
to both supplicants and non-supplicants that were classified by a supplicant or non-supplicant policy to use
Captive Portal web-based authentication.
to both supplicants and non-supplicants that were classified by a supplicant or non-supplicant policy to use
Captive Portal web-based authentication.
802.1x slot/port captive-portal policy authentication pass {group-mobility | user-network-profile
profile_name | vlan vid | default-vlan | block}] [fail] {group-mobility | vlan vid | default-vlan | block}
profile_name | vlan vid | default-vlan | block}] [fail] {group-mobility | vlan vid | default-vlan | block}
Syntax Definitions
slot/port
The slot and port number of the 802.1x port.
pass
Indicates which policies to apply if authentication is successful but does
not return a VLAN ID or the VLAN ID returned does not exist.
not return a VLAN ID or the VLAN ID returned does not exist.
fail
Indicates which policies to apply if authentication fails.
group-mobility
Use Group Mobility rules for device classification.
profile_name
The name of a User Network Profile to use for device classification.
vlan vid
Use this VLAN ID number for device classification.
default-vlan
Assigns the device to the default VLAN for the 802.1x port.
block
Blocks device traffic on the 802.1x port.
Defaults
A default Captive Portal policy is automatically configured when 802.1x is enabled on a port. This default
policy uses the default-vlan parameter for the pass case and the block parameter for the fail case.
policy uses the default-vlan parameter for the pass case and the block parameter for the fail case.
Platforms Supported
OmniSwitch 6400, 6850, 6855, 9000, 9000E
Usage Guidelines
• Captive Portal device classification policies are applied only when successful web-based authentica-
tion does not return a VLAN ID, returns a VLAN ID that does not exist, or when web-based authenti-
cation fails.
cation fails.
• When web-based authentication does return a VLAN ID that exists in the switch configuration, the
device is assigned to that VLAN and no further classification is performed.
• When multiple parameters are configured, the policy is referred to as a compound non-supplicant
policy. Such policies use the pass and fail parameters to specify which policies to use when MAC
authentication is successful and which to use when it fails.
authentication is successful and which to use when it fails.
• If the fail keyword is not used, the default action is to block the device when authentication fails.
• The order in which the parameters are specified determines the order in which they are applied.
However, this type of policy must end with either the default-vlan or block parameters, referred to as
terminal parameters (or policies). This applies to both pass and fail policies.
terminal parameters (or policies). This applies to both pass and fail policies.