Eapol Configuration Guidelines - IBM RackSwitch G8000 Application Manual

EAPoL Configuration Guidelines

78
RackSwitch G8000: Application Guide
When configuring EAPoL, consider the following guidelines:
• The 802.1X port-based authentication is currently supported only in
point-to-point configurations, that is, with a single supplicant connected to an
802.1X-enabled switch port.
• When 802.1X is enabled, a port has to be in the authorized state before any
other Layer 2 feature can be operationally enabled. For example, the STG state
of a port is operationally disabled while the port is in the unauthorized state.
• The 802.1X supplicant capability is not supported. Therefore, none of its ports
can successfully connect to an 802.1X-enabled port of another device, such as
another switch, that acts as an authenticator, unless access control on the
remote port is disabled or is configured in forced-authorized mode. For example,
if a G8000 is connected to another G8000, and if 802.1X is enabled on both
switches, the two connected ports must be configured in force-authorized mode.
• Unsupported 802.1X attributes include Service-Type, Session-Timeout, and
Termination-Action.
• RADIUS accounting service for 802.1X-authenticated devices or users is not
currently supported.
• Configuration changes performed using SNMP and the standard 802.1X MIB will
take effect immediately.