Supplicant Policy Examples - Alcatel-Lucent OmniSwitch 6800 Series Network Configuration Manual


Configuring Access Guardian Policies
To configure a compound supplicant policy, use the pass and fail keywords to specify which policies to
apply when 802.1x authentication is successful but does not return a VLAN ID and which policies to
apply when 802.1x authentication fails or returns a VLAN ID that does not exist. The pass keyword is
implied and therefore an optional keyword. If the fail keyword is not used, the default action is to block
the device.
Note. When a policy is specified as a policy to apply when authentication fails, device classification is
restricted to assigning supplicant devices to VLANs that are not authenticated VLANs.

Supplicant Policy Examples

The following table provides example supplicant policy commands and a description of how the resulting
policy is applied to classify supplicant devices:
Supplicant Policy Command Example:
802.1x 1/24 supplicant policy authentication pass group-mobility default-vlan fail vlan 43 block

Description:
If the 802.1x authentication process is successful but does not return a VLAN ID for the device, then the following occurs:
1. Group Mobility rules are applied.
2. If Group Mobility classification fails, then the device is assigned to the default VLAN for port 1/24.
If the device fails 802.1x authentication, then the following occurs:
1. If VLAN 43 exists and is not an authenticated VLAN, then the device is assigned to VLAN 43.
2. If VLAN 43 does not exist or is an authenticated VLAN, then the device is blocked from accessing the switch on port 1/24.

Supplicant Policy Command Example:
802.1x 1/48 supplicant policy authentication group-mobility vlan 127 default-vlan

Description:
If the 802.1x authentication process is successful but does not return a VLAN ID for the device, then the following occurs:
1. Group Mobility rules are applied.
2. If Group Mobility classification fails, then the device is assigned to VLAN 127.
3. If VLAN 127 does not exist, then the device is assigned to the default VLAN for port 1/48.
If the device fails 802.1x authentication, the device is blocked on port 1/48.

OmniSwitch 6800/6850/9000 Network Configuration Guide, Configuring 802.1X, March 2008, page 27-16
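
The sketch below is an added example, not Alcatel-Lucent code: a simplified Python model of how the two commands in the table are evaluated, useful for checking where a device ends up before a policy is applied to a port. The Switch state, the gm_vlan parameter, the handling of an existing returned VLAN, and blocking when a policy chain is exhausted are assumptions of this model.

```python
from dataclasses import dataclass

@dataclass
class Switch:                       # hypothetical switch state for this model
    vlans: set                      # VLAN IDs that exist
    auth_vlans: set                 # VLANs flagged as authenticated VLANs
    port_default: dict              # port -> default VLAN ID

def parse_policy(cmd):
    """Split a supplicant policy command; 'pass' is implied, no 'fail' means block."""
    tok = cmd.split()
    port, rest = tok[1], tok[tok.index("authentication") + 1:]
    chains, cur, i = {"pass": [], "fail": []}, "pass", 0
    while i < len(rest):
        if rest[i] in ("pass", "fail"):
            cur = rest[i]
        elif rest[i] == "vlan":
            i += 1
            chains[cur].append(("vlan", int(rest[i])))
        else:                       # group-mobility, default-vlan, block
            chains[cur].append((rest[i], None))
        i += 1
    return port, chains["pass"], chains["fail"] or [("block", None)]

def classify(cmd, sw, auth_ok, radius_vlan=None, gm_vlan=None):
    """Return the VLAN the device is assigned to, or 'block'.
    gm_vlan: VLAN a Group Mobility rule would match (None = no match)."""
    port, pass_chain, fail_chain = parse_policy(cmd)
    if auth_ok and radius_vlan in sw.vlans:
        return radius_vlan          # assumption: an existing returned VLAN is used
    failed = not auth_ok or radius_vlan is not None
    for kind, arg in (fail_chain if failed else pass_chain):
        if kind == "block":
            return "block"
        vid = {"group-mobility": gm_vlan, "vlan": arg,
               "default-vlan": sw.port_default.get(port)}[kind]
        if vid not in sw.vlans:
            continue                # no match or VLAN missing: try next policy
        if failed and vid in sw.auth_vlans:
            continue                # fail branch never uses authenticated VLANs
        return vid
    return "block"                  # assumption: an exhausted chain blocks

# Constructed sample state and the two commands from the table above.
SW = Switch(vlans={1, 43, 127}, auth_vlans={127}, port_default={"1/24": 1, "1/48": 1})
CMD_24 = "802.1x 1/24 supplicant policy authentication pass group-mobility default-vlan fail vlan 43 block"
CMD_48 = "802.1x 1/48 supplicant policy authentication group-mobility vlan 127 default-vlan"
if __name__ == "__main__":
    print(classify(CMD_24, SW, auth_ok=False), classify(CMD_48, SW, auth_ok=False))
```

Marking VLAN 43 as an authenticated VLAN in the sample state turns the failed-authentication result on port 1/24 from VLAN 43 into block, which is the restriction stated in the Note above.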
