Setting Up Port-Based Network Access Control; Setting 802.1X Switch Parameters; Enabling 802.1X On Ports - Alcatel OmniSwitch 6624 Network Configuration Manual

Setting Up Port-Based Network Access Control
For port-based network access control, the switch must know which servers to use for authenticating
802.1X supplicants and how to treat traffic coming in on 802.1X ports. These are global parameters.
In addition, 802.1X must be enabled on each port that is connected to an 802.1X supplicant (or device).
Optional parameters may be set for each 802.1X port.
The following sections describe these procedures in detail.

Setting 802.1X Switch Parameters

Use the aaa authentication 802.1x command to specify an authentication server (or servers) to be used
for authenticating 802.1X ports. The servers must already be configured through the aaa radius-server
command. An example of specifying authentication servers for authenticating all 802.1X ports on the
switch:
-> aaa authentication 802.1x rad1 rad2
In this example, the rad1 server will be used for authenticating 802.1X ports. If rad1 becomes
unavailable, the switch will use rad2 for 802.1X authentication.
After a device authenticates on the 802.1X port, the switch will allow only traffic coming from the
authenticated device's MAC address or it may be configured to allow any traffic through the port after
authentication. The keyword open-unique indicates that only traffic from the authenticated device's MAC
address is allowed; the keyword open-global indicates that any traffic may pass through the port after a
device has authenticated on the port. The default is open-unique.
To configure the global port behavior, specify the desired keyword with the aaa authentication 802.1x
command. Note that you may specify the port behavior and the authentication server on the same
command line:
-> aaa authentication 802.1x open-global rad1 rad2
In this example, any traffic coming into the switch on an 802.1X port will be permitted after any device is
successfully authenticated through the 802.1X port.
Note. The open-unique and open-global states are only applied to 802.1X ports that have automatic port
control (this is the default). See "Configuring the Port Authorization" on page 19-9 for information about
configuring port control on a particular port.

Enabling 802.1X on Ports

To enable 802.1X on a port, use the vlan port 802.1x command. The port must also be configured as a
mobile port.
-> vlan port mobile 3/1
-> vlan port 3/1 802.1x enable
The vlan port 802.1x command enables 802.1X on port 1 of slot 3. The port will be set up with defaults
listed in "802.1X Defaults" on page 19-2.

Configuring 802.1X, page 19-8. OmniSwitch 6624/6648 Network Configuration Guide, April 2004.
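
An added example, not part of the Alcatel manual: a small Python check that reads saved command lines in the forms shown on this page and flags the conditions the text calls out (open-global behavior, an 802.1X port that is not mobile, no fallback authentication server). The function name, finding codes and sample input are constructed for illustration.

```python
import re

# Constructed sample input: command lines in the forms shown on this page.
SAMPLE = """\
-> aaa authentication 802.1x open-global rad1
-> vlan port mobile 3/1
-> vlan port 3/1 802.1x enable
-> vlan port 3/2 802.1x enable
"""

def audit_8021x(text):
    """Return (code, detail) findings for the 802.1X commands in `text`.

    Only the three command forms on this page are parsed. Per-port port
    control (which decides whether open-unique/open-global applies at all)
    is not checked, because its syntax is not shown here.
    """
    servers, mode = [], "open-unique"      # the page gives open-unique as the default
    mobile, dot1x = set(), set()
    for raw in text.splitlines():
        words = re.sub(r"^\s*->\s*", "", raw).split()   # drop the CLI prompt
        if words[:3] == ["aaa", "authentication", "802.1x"]:
            args = words[3:]
            if args and args[0] in ("open-unique", "open-global"):
                mode, args = args[0], args[1:]
            servers = args                 # servers are tried in the order listed
        elif words[:3] == ["vlan", "port", "mobile"] and len(words) == 4:
            mobile.add(words[3])
        elif words[:2] == ["vlan", "port"] and words[3:] == ["802.1x", "enable"]:
            dot1x.add(words[2])

    findings = []
    if dot1x and not servers:
        findings.append(("NO_SERVER", "802.1X ports enabled, no authentication server named"))
    elif len(servers) == 1:
        findings.append(("NO_FALLBACK", servers[0]))
    if mode == "open-global":
        findings.append(("OPEN_GLOBAL", "any traffic passes after one device authenticates"))
    for port in sorted(dot1x - mobile):    # 802.1X ports must also be mobile ports
        findings.append(("NOT_MOBILE", port))
    return findings

if __name__ == "__main__":
    for code, detail in audit_8021x(SAMPLE):
        print(f"{code}: {detail}")
```

The two-server, open-unique configuration from the manual's own examples produces no findings.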


This manual is also suitable for:

Omniswitch 6648
