802.1X Captive-Portal Policy Authentication - Alcatel-Lucent OmniSwitch 6250 Cli Reference Manual

802.1x captive-portal policy authentication

Configures a Captive Portal device classification policy for an 802.1x port. This type of policy classifies
both supplicants and non-supplicants that have attempted network access using web-based authentication.
802.1x slot/port captive-portal policy authentication pass {group-mobility | vlan vid | default-vlan |
block}] [fail] {group-mobility | vlan vid | default-vlan | block}
Syntax Definitions
slot/port
pass
fail
group-mobility
vlan vid
default-vlan
block
Defaults
A default Captive Portal policy is automatically configured when 802.1x is enabled on a port. This default
policy uses the default-vlan parameter for the pass case and the block parameter for the fail case.
Platforms Supported
OmniSwitch 6250
Usage Guidelines
•
Captive Portal device classification policies are applied only when successful web-based authentica-
tion does not return a VLAN ID, returns a VLAN ID that does not exist, or when web-based authenti-
cation fails.
•
When web-based authentication does return a VLAN ID that exists in the switch configuration, the
device is assigned to that VLAN and no further classification is performed.
•
When multiple parameters are configured, the policy is referred to as a compound non-supplicant
policy. Such policies use the pass and fail parameters to specify which policies to use when MAC
authentication is successful and which to use when it fails.
•
If the fail keyword is not used, the default action is to block the device when authentication fails.
•
The order in which the parameters are specified determines the order in which they are applied.
However, this type of policy must end with either the default-vlan or block parameters, referred to as
terminal parameters (or policies). This applies to both pass and fail policies.
•
Captive Portal policies are applied only to 802.1x enabled mobile ports that are configured with an
802.1x supplicant or non-supplicant policy that specifies the use of Captive Portal web-based authenti-
cation.
page 44-18
The slot and port number of the 802.1x port.
Indicates which policies to apply if authentication is successful but does
not return a VLAN ID or the VLAN ID returned does not exist.
Indicates which policies to apply if authentication fails.
Use Group Mobility rules for device classification.
Use this VLAN ID number for device classification.
Assigns the device to the default VLAN for the 802.1x port.
Blocks device traffic on the 802.1x port.
OmniSwitch 6250 CLI Reference Guide
802.1X Commands
November 2009