Configuring 802.1X Port Parameters; Configuring The Port Control Direction; Configuring The Port Authorization; Configuring 802.1X Port Timeouts - Alcatel OmniSwitch 6624 Network Configuration Manual


Configuring 802.1X
To disable 802.1X on a port, use the disable option with vlan port 802.1x command. For more information about vlan port commands, see Chapter 6, "Assigning Ports to VLANs."

Configuring 802.1X Port Parameters

By default, when 802.1X is enabled on a port, the port is configured for bidirectional control, automatic authorization, and re-authentication. In addition, there are several timeout values that are set by default as well as a maximum number of times the switch will retransmit an authentication request to the user.
All of these parameters may be configured on the same command line but are shown here configured separately for simplicity.

Configuring the Port Control Direction

To configure the port control direction, use the 802.1x command with the direction keyword with both for bidirectional or in for incoming traffic only. For example:
-> 802.1x 3/1 direction in
In this example, the port control direction is set to incoming traffic only on port 1 of slot 3.
The type of port control (or authorization) is configured with the port-control parameter described in the next section.

Configuring the Port Authorization

Port authorization determines whether the port is open to all traffic, closed to all traffic, or open to traffic after the port is authenticated. To configure the port authorization, use the 802.1x command with the port-control keyword and the force-authorized, force-unauthorized, or auto option.
-> 802.1x 3/1 port-control force-authorized
In this example, the port control on port 1 of slot 3 is always authorized for any traffic.
The auto option configures the port to be open for traffic based on the open-unique or open-global setting of the aaa authentication 802.1x command. See "Setting 802.1X Switch Parameters" on page 19-8 for more information about configuring these options.

Configuring 802.1X Port Timeouts

There are several timeouts that may be modified per port:
Quiet timeout—The time during which the port will not accept an 802.1X authentication attempt after an authentication failure.
Transmit timeout—The time before an EAP Request Identity message will be re-transmitted.
Supplicant (or user) timeout—The time before the switch will timeout an 802.1X user who is attempting to authenticate. During the authentication attempt, the switch sends requests for authentication information (identity requests, challenge response, etc.) to the supplicant (see "Configuring the Maximum Number of Requests" on page 19-10). If the supplicant does not reply to these requests, the supplicant is timed out when the timeout expires.
To modify the quiet timeout, use the 802.1x command with the quiet-period keyword. To modify the transmit timeout, use the 802.1x command with the tx-period keyword. To modify the supplicant or user timeout, use the 802.1x command with the supp-timeout keyword. For example:

Setting Up Port-Based Network Access Control
OmniSwitch 6624/6648 Network Configuration Guide, April 2004, page 19-9
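
The following is an added example, not taken from the Alcatel manual: a Python audit that merges the 802.1x port commands described on this page (including several parameters on one command line) into effective per-port settings and reports ports left at force-authorized or with direction in. The function names, the sample configuration, and the assumption that each timeout keyword takes a whole-number value are illustrative.

```python
import re

# Defaults this page states for a port once 802.1X is enabled on it.
DEFAULTS = {"direction": "both", "port-control": "auto"}
# Keywords and options named on this page.
OPTIONS = {
    "direction": {"both", "in"},
    "port-control": {"force-authorized", "force-unauthorized", "auto"},
}
# Assumption: each timeout keyword is followed by a whole number.
TIMEOUTS = {"quiet-period", "tx-period", "supp-timeout"}
COMMAND = re.compile(r"^(?:->\s*)?802\.1x\s+(\d+)/(\d+)\s+(.+)$")


def parse_ports(config_text):
    """Merge all 802.1x lines into {(slot, port): effective settings}."""
    ports = {}
    for line in config_text.splitlines():
        match = COMMAND.match(line.strip())
        if not match:
            continue  # not an 802.1x port command
        key = (int(match.group(1)), int(match.group(2)))
        tokens = match.group(3).split()
        if len(tokens) % 2:
            raise ValueError(f"keyword without value: {line.strip()!r}")
        settings = ports.setdefault(key, dict(DEFAULTS))
        # Several keyword/value pairs may share one command line.
        for keyword, value in zip(tokens[::2], tokens[1::2]):
            if value in OPTIONS.get(keyword, ()):
                settings[keyword] = value
            elif keyword in TIMEOUTS and value.isdigit():
                settings[keyword] = int(value)
            else:
                raise ValueError(f"unrecognised: {keyword} {value}")
    return ports


def audit(ports):
    """List (slot, port, finding) for settings that weaken access control."""
    findings = []
    for (slot, port), settings in sorted(ports.items()):
        if settings["port-control"] == "force-authorized":
            findings.append((slot, port, "always authorized, no authentication"))
        if settings["direction"] == "in":
            findings.append((slot, port, "only incoming traffic is controlled"))
    return findings


# Constructed sample; the timeout values are made up for illustration.
SAMPLE = """\
-> 802.1x 3/1 direction in
-> 802.1x 3/1 port-control force-authorized
-> 802.1x 3/2 port-control auto quiet-period 50 supp-timeout 25
-> 802.1x 3/3 port-control force-unauthorized
"""
```

Calling audit(parse_ports(SAMPLE)) reports port 3/1 twice and nothing for 3/2 or 3/3; a port with no 802.1x line at all does not appear, so ports where 802.1X was never enabled need a separate check.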
