Alcatel-Lucent 6600 Switch User Manual


 
Configuring 802.1X Setting Up Port-Based Network Access Control
OmniSwitch 6600 Family Network Configuration Guide April 2006 page 22-13
Initializing an 802.1X Port
An 802.1X port may be reinitialized. This is useful if there is a problem on the port. The reinitialization
process drops connectivity with the supplicant and forces the supplicant to be re-authenticated. Connectiv-
ity is restored with successful re-authentication. To force an initialization, use the 802.1x initialize
command with the relevant slot/port number. For example:
-> 802.1x initialize 3/1
This command drops connectivity on port 1 of slot 3. The switch sends out a Request Identity message
and restores connectivity when the port is successfully re-authenticated.
Configuring the Supplicant Polling Retry Count
To configure the number of times the switch polls an unknown device connected to an 802.1x port, use the
802.1x supp-polling retry command. For example,
-> 802.1x 3/1 supp-polling retry 10
If after the number of polling attempts specified the device has not responded with EAP frames, then the
device is identified as a non-supplicant (non-802.1x user). When this occurs, any non-supplicant device
classification policies that are configured for the port are appliced to the device. See “Using Access
Guardian Policies” on page 22-8 for more information. If there are no such policies, then the device is
blocked.
Note that the polling interval is set to 0.5 seconds between each retry and is not a configurable at this time.
Configuring Accounting for 802.1X
To log 802.1X sessions, use the aaa accounting 802.1x command with the desired RADIUS server
names; use the keyword local to specify that the Switch Logging function in the switch should be used to
log 802.1X sessions. RADIUS servers are configured with the aaa radius-server command.
-> aaa accounting 802.1x rad1 local
In this example, the RADIUS server rad1 will be used for accounting. If rad1 becomes unavailable, the
local Switch Logging function in the switch will log 802.1X sessions. For more information about Switch
Logging, see Chapter 28, “Using Switch Logging.”