802.1X Overview
Except on the first page, right running head:
Heading1 or Heading1NewPage text (automatic)
209
Alcatel-Lucent
Beta
Beta
CLI Configuration Guide
U
SING
802.1X
WITH
VLAN A
SSIGNMENT
After successful 802.1X authentication of a port, the RADIUS server sends the
VLAN assignment to configure the switchport. The RADIUS server database
maintains the user name-to-VLAN mappings, which assigns the VLAN based on
the user name of the client connected to the switch port.
When configured on the switch and the RADIUS server, 802.1X with VLAN
assignment has these characteristics:
•
If no VLAN is supplied by the RADIUS server, the port is configured in its access
VLAN after successful authentication.
•
If the VLAN information from the RADIUS server is not valid, the port remains in
the configured access VLAN.
•
Otherwise, if all information from the RADIUS server is valid, the port is placed in
the specified VLAN after authentication.
•
If the multiple-hosts mode is enabled on an 802.1X port, all hosts are placed in the
same VLAN (specified by the RADIUS server) as the first authenticated host.
•
If 802.1X is disabled on the port, it is returned to the configured access VLAN.
•
When the port is in the force authorized, force unauthorized, unauthorized, or
shutdown state, it is placed in the configured access VLAN.
•
If an 802.1X port is authenticated and put in the RADIUS server assigned VLAN,
any change to the port access VLAN configuration does not take effect.
•
If the multi-auth mode is enabled on a 802.1X port, the dynamic VLAN featured is
disabled, i.e., VLAN information received from RADIUS server will not do any
effect on the port.
To configure VLAN assignment, you need to perform these tasks:
•
Enable AAA services.
•
Enable 802.1X (the VLAN assignment feature is automatically enabled when you
configure 802.1X on an access port).
•
Assign vendor-specific tunnel attributes in the RADIUS server. The RADIUS
server must return these attributes to the switch:
•
[64] Tunnel-Type = VLAN
•
[65] Tunnel-Medium-Type = IEEE-802
•
[81] Tunnel-Private-Group-ID = VLAN ID
Attribute [64] must contain the value VLAN (type 13).
Attribute [65] must contain the value 802 (type 6).
Attribute [81] specifies the VLAN name or VLAN ID assigned to the 802.1X-
authenticated user.
A
LCATEL
-L
UCENT
S
PECIFIC
O
VERVIEW
Alcatel-Lucent’s Gigabit Ethernet line card (L2GE Card) is used for layer-2
functionality. 802.1X is a port based authentication protocol, which provides the
access to the port. Before giving any access to the hosts, which are connected to
L2GE Ports, needs to be authenticated on L2GE ports.
Содержание OmniAccess 700
Страница 38: ...Left running head Chapter name automatic 12 Beta Beta CLI Configuration Guide Alcatel Lucent ...
Страница 176: ...Left running head Chapter name automatic 150 Beta Beta CLI Configuration Guide Alcatel Lucent ...
Страница 224: ...Per VLAN Spanning Tree Left running head Chapter name automatic 198 Beta Beta CLI Configuration Guide Alcatel Lucent ...
Страница 258: ...Port Monitoring Left running head Chapter name automatic 232 Beta Beta CLI Configuration Guide Alcatel Lucent ...
Страница 260: ...Left running head Chapter name automatic 234 Beta Beta CLI Configuration Guide Alcatel Lucent ...
Страница 296: ...T1E1 Line Card Left running head Chapter name automatic 270 Beta Beta CLI Configuration Guide Alcatel Lucent ...
Страница 360: ...Point to Point Protocol Left running head Chapter name automatic 334 Beta Beta CLI Configuration Guide Alcatel Lucent ...
Страница 434: ...Left running head Chapter name automatic 408 Beta Beta CLI Configuration Guide Alcatel Lucent ...
Страница 462: ...Common Classifiers Left running head Chapter name automatic 436 Beta Beta CLI Configuration Guide Alcatel Lucent ...
Страница 464: ...Left running head Chapter name automatic 438 Beta Beta CLI Configuration Guide Alcatel Lucent ...
Страница 534: ...Border Gateway Protocol Left running head Chapter name automatic 508 Beta Beta CLI Configuration Guide Alcatel Lucent ...
Страница 638: ...Left running head Chapter name automatic 612 Beta Beta CLI Configuration Guide Alcatel Lucent ...
Страница 762: ...Filter and Firewall Left running head Chapter name automatic 736 Beta Beta CLI Configuration Guide Alcatel Lucent ...
Страница 890: ...Transparent Firewall Left running head Chapter name automatic 864 Beta Beta CLI Configuration Guide Alcatel Lucent ...
Страница 940: ...Left running head Chapter name automatic 914 Beta Beta CLI Configuration Guide Alcatel Lucent ...
Страница 1000: ...Quality of Service Left running head Chapter name automatic 974 Beta Beta CLI Configuration Guide Alcatel Lucent ...
Страница 1002: ...Left running head Chapter name automatic 976 Beta Beta CLI Configuration Guide Alcatel Lucent ...
Страница 1044: ...DNS Domain Name Service Client Left running head Chapter name automatic 1018 Beta Beta CLI Configuration Guide Alcatel Lucent ...
Страница 1046: ...Left running head Chapter name automatic 1020 Beta Beta CLI Configuration Guide Alcatel Lucent ...
Страница 1058: ...Left running head Chapter name automatic 1032 Beta Beta CLI Configuration Guide Alcatel Lucent ...
Страница 1074: ...Lifeline Left running head Chapter name automatic 1048 Beta Beta CLI Configuration Guide Alcatel Lucent line con 0 end ...
Страница 1076: ...Left running head Chapter name automatic 1050 Beta Beta CLI Configuration Guide Alcatel Lucent ...
Страница 1118: ...Web Cache Server Left running head Chapter name automatic 1092 Beta Beta CLI Configuration Guide Alcatel Lucent ...
Страница 1120: ...Left running head Chapter name automatic 2 Beta Beta CLI Configuration Guide Alcatel Lucent ...
Страница 1140: ...QoS Values and Mnemonics Left running head Chapter name automatic 22 Beta Beta CLI Configuration Guide Alcatel Lucent ...
Страница 1156: ...IPsec Interoperability of OA 700 Left running head Chapter name automatic 38 Beta Beta CLI Configuration Guide Alcatel Lucent ...