Alcatel-Lucent OmniSwitch 6850-48 Cli Reference Manual page 2488
Alcatel-lucent omniswitch 6850-48: reference guide
Hide thumbs
Also See for OmniSwitch 6850-48:
- Network configuration manual (1162 pages) ,
- Management manual (312 pages) ,
- Hardware user's manual (188 pages)
Table of Contents
Advertisement
•
When authentication does return a VLAN ID that exists in the switch configuration, the supplicant is
assigned to that VLAN and no further classification is performed.
•
If this command is used without specifying any of the optional policy keywords or a pass/fail parame-
ter (e.g. 802.1x 1/10 supplicant authentication), the resulting policy will block supplicants if success-
ful 802.1x authentication does not return a VLAN ID, returns a VLAN ID that does not exist, or
authentication fails.
•
When multiple parameters are configured, the policy is referred to as a compound supplicant policy.
Such policies use the pass and fail parameters to specify which policies to use when 802.1x authentica-
tion is successful and which to use when it fails.
•
The pass keyword is implied and therefore an optional keyword. If the fail keyword is not used, the
default action is to block the device when authentication fails.
•
The order in which parameters are specified determines the order in which they are applied. However,
this type of policy must end with either the default-vlan, block, or captive-portal parameters, referred
to as terminal parameters (or policies). This applies to both pass and fail policies. If a terminal parame-
ter is not specified, the block parameter is used by default.
•
If the captive-portal parameter is specified with this command, then the Captive Portal authentication
policy is applied to supplicant traffic. See the
page for more information.
•
A User Network Profile (UNP) specifies a VLAN assignment for the device, whether or not Host
Integrity Check (HIC) is required for the device, and if any QoS access control list (ACL) policies are
applied to the device. See the
create a UNP.
•
Configuring supplicant classification policies is only supported on 802.1x enabled mobile ports.
•
Each 802.1x port can have one supplicant policy and one non-supplicant policy for handling 802.1x
and non-802.1x devices, respectively. Configuring a new supplicant or non-supplicant policy over-
writes any policies that may already exist for the port.
Examples
-> 802.1x 3/1 supplicant policy authentication
-> 802.1x 4/1 supplicant policy authentication vlan 27 default-vlan
-> 802.1x 5/1 supplicant policy authentication group-mobility captive-portal
-> 802.1x 5/10 supplicant policy authentication pass group-mobility default-vlan
fail vlan 43 block
-> 802.1x 6/1 supplicant policy authentication pass group-mobility default-vlan
fail captive-portal
-> 802.1x 4/10 supplicant policy authentication pass user-network-profile fail
captive-portal
Release History
Release 6.1.2; command was introduced.
Release 6.3.4; user-network-profile, captive-portal parameters added.
page 35-14
802.1x captive-portal policy authentication
aaa user-network-profile
command page for information about how to
OmniSwitch CLI Reference Guide
802.1X Commands
command
June 2012
Advertisement
Table of Contents
