802.1X Support Assumptions; User Session Disconnection By System; Re-Authentication - Alcatel-Lucent 7302 Information Manual

Intelligent services access manager

1 — ONT and MDU overview

802.1x support assumptions

The system supports 802.1x authentication based on the following assumptions:
- Authentication is supported only on LAN ports at the ONT and not for the plain old telephone system (POTS) lines.
- Authentication is performed on an ONT UNI basis. The highest priority GPON encapsulation module (GEM) port ID that is configured on the user network interface (UNI) is used for authentication.
- There is no local authentication for 802.1x when the RADIUS server fails.

User session disconnection by system

The following three types of user disconnections are supported:
- When the RADIUS server requests disconnection, the system does not send an accounting stop message. The system sends a failure message to the first authenticated user on the port and initiates the authentication of other users on the port.
- When the maximum session duration expires, the system sends a failure message to the first authenticated user on the port and initiates other users on the port to start authentication.
- When there is a request to disable or delete a user port, the system gracefully terminates the user sessions on the port before the port is disabled or deleted. User session accounting data is sent to the RADIUS accounting servers when the session is terminated.

Re-authentication

To ensure that there is no service interruption during re-authentication, re-authentication of the supplicant must occur before the session expires. The supplicant does not cause any service interruption during re-authentication. New accounting-stop or accounting-start messages are not sent due to re-authentication.

The P-OLT supports the re-authentication state. The configuration of the re-authentication function is made on a port basis and includes enabling or disabling re-authentication and setting the re-authentication period.

The RADIUS Termination Action attribute is supported. If a Termination Action is received, re-authentication is performed only at the request of the RADIUS server. The RADIUS server overrides local configuration of re-authentication in the P-OLT.

If re-authentication is enabled on a port, the Session Timeout value returned by the RADIUS service is used as the re-authentication period. If the RADIUS server does not return a Session Timeout value, the re-authentication timer for the port that is configured by the management system is used.

If there is no response from a RADIUS server for re-authentication due to an NT card switchover, the P-OLT treats the re-authentication as a successful one for 30 min.

If re-authentication is disabled for a port, the Session Timeout value returned by the RADIUS server is used to terminate the sessions. Re-authentication initiated by the management system is not required.
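
The timer precedence described above can be modelled to audit how long a session stays authorized without a fresh authentication. This is an added example, not code from the manual or from the product. PortConfig, AccessAccept, plan_session and reauth_no_response are hypothetical names, and the handling of the Termination Action values follows the RFC 3580 reading, which is an assumption.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

TA_DEFAULT, TA_RADIUS_REQUEST = 0, 1   # Termination-Action values (RFC 2865)
SWITCHOVER_GRACE_S = 30 * 60           # page: treated as successful for 30 min

@dataclass
class PortConfig:                      # hypothetical model of per-port settings
    reauth_enabled: bool
    reauth_period_s: int               # timer set by the management system

@dataclass
class AccessAccept:                    # hypothetical model of the RADIUS reply
    session_timeout_s: Optional[int] = None
    termination_action: Optional[int] = None

def plan_session(port: PortConfig, acc: AccessAccept) -> Tuple[str, Optional[int]]:
    """Return (action when the timer fires, timer in seconds or None)."""
    timer = acc.session_timeout_s
    if acc.termination_action is not None:
        # The RADIUS server overrides the local enable/disable setting.
        # Assumption: RADIUS-Request means re-authenticate and Default means
        # terminate (RFC 3580 reading); the page does not spell this out.
        if acc.termination_action == TA_RADIUS_REQUEST:
            return ("reauthenticate", timer or port.reauth_period_s)
        return ("terminate", timer)
    if port.reauth_enabled:
        # Session-Timeout is the re-auth period, else the configured timer.
        return ("reauthenticate", timer or port.reauth_period_s)
    # Re-auth disabled: Session-Timeout ends the session, if one was sent.
    return ("terminate", timer) if timer else ("none", None)

def reauth_no_response(nt_switchover: bool) -> Tuple[str, Optional[int]]:
    """Outcome when the RADIUS server does not answer a re-authentication."""
    if nt_switchover:
        return ("treat-as-success", SWITCHOVER_GRACE_S)
    # Assumption: otherwise it fails (page: no local authentication fallback).
    return ("fail", None)

if __name__ == "__main__":
    # Constructed sample inputs, not values from a real deployment.
    cases = [
        (PortConfig(True, 3600), AccessAccept(session_timeout_s=600)),
        (PortConfig(True, 3600), AccessAccept()),
        (PortConfig(False, 3600), AccessAccept(session_timeout_s=600)),
        (PortConfig(False, 3600), AccessAccept(600, TA_RADIUS_REQUEST)),
    ]
    for port, acc in cases:
        print(port, acc, "->", plan_session(port, acc))
    print("NT switchover:", reauth_no_response(True))
```

The last case shows the server-side override: a port with re-authentication disabled locally still re-authenticates when the reply carries Termination Action = RADIUS-Request.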
1-28
November 2013
Alcatel-Lucent 7302 ISAM | 7330 ISAM FTTN | 7360 ISAM FX ONT R04.06.02
Edition 01
3FE 55873 AAAA TCZZA
ONT Product Information Guide
