Alcatel-Lucent 6850-48 Network Guide
Configuring Access Guardian Policies
Configuring Access Guardian
page 34-22
OmniSwitch AOS Release 6 Network Configuration Guide
September 2009
-> vlan port mobile 3/1
-> vlan port 3/1 802.1x enable
The vlan port 802.1x command enables 802.1X on port 1 of slot 3. The port will be set up with defaults
listed in
of the
To disable 802.1X on a port, use the disable option with the vlan port 802.1x command. For more information
about vlan port commands, see
Configuring 802.1X Port Parameters
By default, when 802.1X is enabled on a port, the port is configured for bidirectional control, automatic
authorization, and re-authentication. In addition, there are several timeout values that are set by default as
well as a maximum number of times the switch will retransmit an authentication request to the user.
If it is necessary to change the default values of these parameters, see
for information about how to configure 802.1X port parameters.
Configuring Access Guardian Policies
The Access Guardian provides functionality that allows the configuration of 802.1x device classification
policies for supplicants (802.1x clients) and non-supplicants (non-802.1x clients). See
for more information.
Configuring device classification policies is only supported on mobile, 802.1x-enabled ports. In addition,
the port control status for the port must allow auto authorization (the default). See the
section in
for specific information
about how to enable 802.1x functionality on a port.
, there are several types of policy
options that when combined together create either a supplicant or non-supplicant policy. Consider the
following when configuring policies:
• A single policy option can only appear once for a pass condition and once for a failed condition in a
single policy.
• Up to three VLAN ID policy options are allowed within the same policy, as long as the ID number is
different for each instance specified (e.g., VLAN 20 VLAN 30 VLAN 40).
• A policy must terminate. The last policy option must result in either blocking the device, assigning the
device to the default VLAN, or invoking Captive Portal for web-based authentication. If a final policy
option is not specified, the block option is used by default.
• The order in which policy options are configured determines the order in which they are applied to the
device.
• Configuring a policy to apply a User Network Profile (UNP) requires the name of an existing profile.
In addition, certain profile attributes may also require additional configuration. See
for more information.
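The rules in the list above can be checked before a policy is configured on a switch. The following Python linter is an added example, not code from the guide or from Alcatel-Lucent. It assumes a policy is modelled as ordered option lists per condition (pass and fail), that the token spellings are this example's own notation rather than CLI syntax, that the three-VLAN limit is counted across the whole policy, and that the termination rule applies to each condition's list.

```python
# Added example: lint a device classification policy against the rules above.
# Token spellings and the two-list model are this example's notation (assumed),
# not OmniSwitch CLI syntax.
TERMINAL = {"block", "default-vlan", "captive-portal"}
MAX_VLAN_OPTIONS = 3


def lint_policy(policy):
    """Return (effective_policy, findings) for {"pass": [...], "fail": [...]}."""
    effective, findings, vlan_ids = {}, [], []
    for condition, configured in policy.items():
        options = list(configured)  # order is preserved: it is the apply order
        seen = set()
        for option in options:
            name, _, arg = option.partition(" ")
            if name == "vlan":
                vlan_ids.append(arg)  # VLAN options are checked per policy below
            elif name in seen:
                findings.append(f"{condition}: option '{name}' appears more than once")
            seen.add(name)
        # A policy must terminate; with no final option the block option is used.
        if not options or options[-1] not in TERMINAL:
            options.append("block")
            findings.append(f"{condition}: no final option, implicit 'block' applies")
        effective[condition] = options
    if len(vlan_ids) > MAX_VLAN_OPTIONS:
        findings.append(f"policy: {len(vlan_ids)} VLAN ID options, limit is {MAX_VLAN_OPTIONS}")
    for vid in sorted({v for v in vlan_ids if vlan_ids.count(v) > 1}):
        findings.append(f"policy: VLAN ID {vid} is specified more than once")
    return effective, findings


# Constructed sample policies (not taken from the guide).
GOOD = {"pass": ["vlan 20", "default-vlan"], "fail": ["captive-portal"]}
BAD = {
    "pass": ["vlan 20", "vlan 30", "vlan 20"],
    "fail": ["vlan 40", "vlan 50", "user-network-profile corp",
             "user-network-profile corp"],
}

if __name__ == "__main__":
    for label, policy in (("GOOD", GOOD), ("BAD", BAD)):
        effective, findings = lint_policy(policy)
        print(label, effective)
        for finding in findings:
            print("  -", finding)
```

The effective policy in the output shows where the implicit block option lands, which is the behaviour a reviewer should confirm for the failed-authentication path.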