Table of Contents
Advertisement
Configuring 802.1X
Configuring 802.1X Port Parameters
By default, when 802.1X is enabled on a port, the port is configured for bidirectional control, automatic
authorization, and re-authentication. In addition, there are several timeout values that are set by default as
well as a maximum number of times the switch will retransmit an authentication request to the user.
All of these parameters may be configured on the same command line but are shown here configured
separately for simplicity.
Configuring the Port Control Direction
To configure the port control direction, use the
for bidirectional or in for incoming traffic only. For example:
-> 802.1x 3/1 direction in
In this example, the port control direction is set to incoming traffic only on port 1 of slot 3.
The type of port control (or authorization) is configured with the port-control parameter described in the
next section.
Configuring the Port Authorization
Port authorization determines whether the port is open to all traffic, closed to all traffic, or open to traffic
after the port is authenticated. To configure the port authorization, use the
control keyword and the force-authorized, force-unauthorized, or auto option.
-> 802.1x 3/1 port-control force-authorized
In this example, the port control on port 1 of slot 3 is always authorized for any traffic.
The auto option configures the port to be open for traffic when a device successfully completes an 802.1X
authentication exchange with the switch.
Configuring 802.1X Port Timeouts
There are several timeouts that may be modified per port:
Quiet timeout—The time during which the port will not accept an 802.1X authentication attempt after
•
an authentication failure.
Transmit timeout—The time before an EAP Request Identity message will be re-transmitted.
•
Supplicant (or user) timeout—The time before the switch will timeout an 802.1X user who is attempt-
•
ing to authenticate. During the authentication attempt, the switch sends requests for authentication
information (identity requests, challenge response, etc.) to the supplicant (see
mum Number of Requests" on page
supplicant is timed out when the timeout expires.
To modify the quiet timeout, use the
transmit timeout, use the
timeout, use the
802.1x
-> 802.1x 3/1 quiet-period 50 tx-period 25 supp-timeout 25
This command changes the quiet timeout to 50 seconds; the transmit timeout to 25 seconds; and the user
timeout to 25 seconds.
OmniSwitch 6600 Family Network Configuration Guide
802.1x
22-12). If the supplicant does not reply to these requests, the
802.1x
command with the quiet-period keyword. To modify the
802.1x
command with the tx-period keyword. To modify the supplicant or user
command with the supp-timeout keyword. For example:
Setting Up Port-Based Network Access Control
command with the direction keyword with both
802.1x
April 2006
command with the port-
"Configuring the Maxi-
page 22-11
Hide quick links:
Advertisement
Table of Contents
