802.1x Configuration and Limitations
Configuration of 802.1x network access control on the router consists of two parts:
•
•
801.x authentication:
•
•
•
802.1x Tunneling for Epipe Service
Customers who subscribe to Epipe service considers the Epipe as a wire, and run 802.1x between
their devices which are located at each end of the Epipe.
Note: This feature only applies to port-based Epipe SAPs because 802.1x runs at port level not
VLAN level. Therefore such ports must be configured as null encapsulated SAPs.
When 802.1x tunneling is enabled, the 802.1x messages received at one end of an Epipe are
forwarded through the Epipe. When 802.1x tunneling is disabled (by default), 802.1x messages
are dropped or processed locally according to the 802.1x configuration (shutdown or no
shutdown).
Note that enabling 802.1x tunneling requires the 802.1x mode to be set to force-auth. Enforcement
is performed on the CLI level.
7210 SAS M, T, X, R6, Mxp Interface Configuration Guide
Generic parameters, which are configured under config>security>dot1x
Port-specific parameters, which are configured under config>port>ethernet>dot1x
Provides access to the port for any device, even if only a single client has been
authenticated.
Can only be used to gain access to a pre-defined Service Access Point (SAP). It is not
possible to dynamically select a service (such as a VPLS service) depending on the 802.1x
authentication information.
Interface Configuration
Page 83