IEEE 802.1x (Port Based Network Access Control)
Issue 1 July 2006 125
- Enable the RADIUS feature.
- Configure the port used to access the RADIUS server as "force-authorized."
Tip:
Tip: You can configure on the RADIUS server a PVID, static VLAN binding and port
level for each authenticated user. If the port that the user is connected to is
authorized, those parameters will be assigned to the port.
● Connect the Supplicant - i.e., Windows XP clients - directly to the C360.
● Verify that the dot1x port-control is in auto mode.
● Set the dot1x system-auth-config to enable; the authentication process starts:
- The supplicant is asked to supply a user name and password.
- If authentication is enabled on the port, the Authenticator initiates authentication when
the link is up.
- Authentication Succeeds: after the authentication process completes, the supplicant will
receive a Permit/Deny notification.
- Authentication Fails: authentication will fail when the Supplicant fails to respond to
requests from the Authenticator, when management controls prevent the port from being
authorized, when the link is down, or when the user supplied incorrect logon information.
802.1x CLI Commands
The following table contains a list of the CLI commands for the 802.1x feature. The rules of
syntax and output examples are all set out in detail in the Reference Guide for the Avaya C360
Converged Stackable Switch, 10-300506.
In order to... Use the following command...
Disable dot1x on all ports and
return to default values
clear dot1x config
Display the system dot1x
capabilities, protocol version,
and timer values
show dot1x
Display all the configurable
values associated with the
authenticator port access entity
(PAE) and backend
authenticator
show port dot1x
1 of 3