Alcatel-Lucent 7330 Product Information Manual page 107

When the maximum MAC value on a bridge port is changed by the operator to a
lower value, the system performs the following actions:
•
flushes all the forward database (FDB) entries on the port
•
closes the associated ONT UNI for data traffic
•
sends identity request as multicast over the port in order to invite any potential
users of the port for authentication
•
opens the port for traffic after successful authentication
802.1x support assumptions
The system supports 802.1x authentication based on the following assumptions:
•
Authentication is supported only on LAN ports at the ONT and not for the plain
old telephone system (POTS) lines.
•
Authentication is performed on an ONT UNI basis. The highest priority GPON
encapsulation module (GEM) port ID that is configured on the user network
interface (UNI) is used for authentication.
•
There is no local authentication for 802.1x when the RADIUS server fails.
User session disconnection by system
The following three types of user disconnections are supported:
•
When the RADIUS requests disconnection, the system does not send an
accounting stop message. The system sends a failure message to the first
authenticated user on the port and initiates the authentication of other users on the
port.
•
When the maximum session duration is expired. The system sends a failure
message to the first authenticated user on the port and initiates other users on the
port to start authentication.
•
When there is a request to disable or delete a user port, the system gracefully
terminates the user sessions on the port before the port is disabled or deleted. User
session accounting data is sent to the RADIUS accounting servers when the
session is terminated.
Re-authentication
To ensure that there is no service interruption during re-authentication, it is required
re-authentication of the supplicant must occur before the session expires. The
supplicant does not cause any service interruption during re-authentication. New
accounting-stop or accounting-start messages are not sent due to re-authentication.
The P-OLT supports the re-authentication state. The configuration of the
re-authentication function is made on a port basis and includes enabling or disabling
re-authentication and setting the re-authentication period.
The RADIUS Termination Action attribute is supported. If a Termination Action is
received, re-authentication is performed only at the request of the RADIUS server.
The RADIUS server overrides local configuration of re-authentication in the P-OLT.
Alcatel-Lucent 7330/7302 ISAM FTTN R04.02.42a
3FE 54199 AAAA TCZZA Edition 01 ONT Product Information Guide
March 2011
1 — ONT and MDU overview
1-23