Chapter 11 Avaya P330 Layer 2 Features
68 Avaya P333R-LB User’s Guide
Note: If either PBNAC or STP/RSTP are in a blocking state, the final state of the port
will be blocked.
• When PBNAC is activated, the application immediately places all ports in a
blocking state unless they were declared "Force Authenticate". They will be
reverted to “Forwarding” state only when the port is authorized by the
RADIUS server.
Note: The actual state of ports configured as "Force Authenticate" is determined by
the STA.
Configuring the P330 for PBNAC
This section lists the basic tasks required to configure a P330 stack for PBNAC. To
configure P330 for PBNAC, do the following:
• Configure a RADIUS server on a network reachable from the P330:
— Create user names and passwords for allowed users.
— Make sure the EAP option is enabled on this server.
• Configure the P330 for RADIUS:
— Configure RADIUS parameters.
— Enable the RADIUS feature.
— Configure the port used to access the RADIUS server as “force-authorized.”
• Connect the Supplicant—i.e., Windows XP clients—directly to the P330.
• Verify that the dot1x port-control is in auto mode.
• Set the dot1x system-auth-config to enable; the authentication process starts:
— The supplicant is asked to supply a user name and password.
— If authentication is enabled on the port, the Authenticator initiates
authentication when the link is up.
— Authentification Succeeds: after the authentication process completes, the
supplicant will receive a Permit/Deny notification.
— Authentication Fails: authentication will fail when the Supplicant fails to
respond to requests from the Authenticator, when management controls
prevent the port from being authorized, when the link is down, or when the
user supplied incorrect logon information.
PBNAC CLI Commands
The following table contains a list of the CLI commands for the PBNAC feature. The
rules of syntax and output examples are all set out in detail in the Reference Guide.