802.1X Non-Supplicant Policy Authentication - Alcatel-Lucent OmniSwitch 6250 Cli Reference Manual

802.1x non-supplicant policy authentication

Configures a non-supplicant device classification policy for an 802.1x port. This type of policy uses MAC
authentication via a remote RADIUS server. A non-supplicant is a device that does not support using the
802.1x protocol for authentication.
802.1x slot/port non-supplicant policy authentication [[pass] {group-mobility | vlan vid | default-vlan |
block | captive-portal}] [[fail] {group-mobility | vlan vid | default-vlan | block | captive-portal}]
Syntax Definitions
slot/port
pass
fail
group-mobility
vlan vid
default-vlan
block
captive-portal
Defaults
When 802.1x is enabled on the port, all non-supplicant traffic is blocked by default.
Platforms Supported
OmniSwitch 6250
Usage Guidelines
•
Non-supplicant device classification policies are applied only when successful MAC authentication
does not return a VLAN ID, returns a VLAN ID that does not exist, or MAC authentication fails.
•
When MAC authentication does return a VLAN ID that exists in the switch configuration, the suppli-
cant is assigned to that VLAN and no further classification is performed.
•
When multiple parameters are configured, the policy is referred to as a compound non-supplicant
policy. Such policies use the pass and fail parameters to specify which policies to use when MAC
authentication is successful and which to use when it fails.
•
The pass keyword is implied and therefore an optional keyword. If the fail keyword is not used, the
default action is to block the device when authentication fails.
•
The order in which the parameters are specified determines the order in which they are applied.
However, this type of policy must end with either the default-vlan or block, or captive-portal parame-
ters, referred to as terminal parameters (or policies). This applies to both pass and fail policies. If a
terminal parameter is not specified, the block parameter is used by default.
page 44-12
The slot and port number of the 802.1x port.
Indicates which policies to apply if MAC authentication is successful
but does not return a VLAN ID or the VLAN ID returned does not exist.
Indicates which policies to apply if MAC authentication fails.
Use Group Mobility rules for device classification.
Use this VLAN ID number for device classification.
Assigns supplicant to the default VLAN for the 802.1x port.
Blocks supplicant traffic on the 802.1x port.
Use Captive Portal for web-based device classification.
OmniSwitch 6250 CLI Reference Guide
802.1X Commands
November 2009