Alcatel-Lucent OmniSwitch 6800 Series Network Configuration Manual page 580
Hide thumbs
Also See for OmniSwitch 6800 Series:
- Management manual (292 pages) ,
- Hardware user's manual (134 pages) ,
- User manual (32 pages)
Table of Contents
Advertisement
802.1X Overview
The first policy applies only to supplicants; the second policy applies only to non-supplicants. The remain-
ing policies apply to both supplicants and non-supplicants. Policies three through six are combined with
policy one or two to provide alternative methods for classifying devices when successful authentication
does not return a VLAN ID. It is also possible to configure policies three through six without also specify-
ing policy one or two. In this case, no authentication is performed, but device classification is restricted to
non-authenticated VLANs.
When multiple policies are specified when configuring a device classification policy, they form a
compound policy. Compound policies that use 802.1x authentication are supplicant policies; all others are
non-supplicant policies.
The order in which policies are applied to client traffic is determined by the order in which the policy was
configured. For example, if a compound non-supplicant policy is configured by specifying MAC authenti-
cation, Group Mobility rules, and default VLAN, then the policies are applied in the following sequence:
1
MAC authentication is performed.
2
If authentication was successful and provided a VLAN ID, the client is assigned to that VLAN and no
further policies are applied.
3
If a VLAN ID was not provided or authentication failed, then Group Mobility rules are applied.
4
If there are no Group Mobility rules that match the client traffic, then the device is learned in the
default VLAN for the port.
See
"Configuring Access Guardian Policies" on page 27-14
configure policies.
Note. It is possible to bypass 802.1x authentication and classify supplicants connected to an 802.1x port as
non-supplicants (see
When this is done, all devices (including supplicants) are then classified as non-supplicants. As a result,
non-supplicant policies that use MAC-based authentication are now applicable to supplicant devices, not
just non-supplicant devices.
page 27-10
"Configuring the Number of Polling Retries" on page 27-13
OmniSwitch 6800/6850/9000 Network Configuration Guide
for more information about how to use and
for more information).
Configuring 802.1X
March 2008
Advertisement
Table of Contents
