Nortel Networks 2300 Switch User Manual


 
Configuring and managing ports and VLANs
Nortel WLAN—Security Switch 2300 Series Configuration Guide
To set port 17 as a wired authentication port, type the following command:
WSS# set port type wired-auth 17
success: change accepted
This command configures port 17 as a wired authentication port supporting one interface and one simultaneous user
session.
For 802.1X clients, wired authentication works only if the clients are directly attached to the wired authentication port,
or are attached through a hub that does not block forwarding of packets from the client to the PAE group address
(01:80:c2:00:00:03). Wired authentication works in accordance with the 802.1X specification, which prohibits a client
from sending traffic directly to an authenticator’s MAC address until the client is authenticated. Instead of sending
traffic to the authenticator’s MAC address, the client sends packets to the PAE group address. The 802.1X specification
prohibits networking devices from forwarding PAE group address packets, because this would make it possible for
multiple authenticators to acquire the same client.
For non-802.1X clients, which use MAC authentication, Web-based AAA, or last-resort authentication, wired authentication
works whether the clients are directly attached or indirectly attached.
Clearing a port
To change a port’s type from AP access port or wired authentication port, you must first clear the port, then set the port
type.
Clearing a port removes all the port’s configuration settings and resets the port as a network port.
If the port is an AP access port, clearing the port disables PoE and 802.1X authentication.
If the port is a wired authentication port, clearing the port disables 802.1X authentication.
If the port is a network port, the port must first be removed from all VLANs, which removes the port from all
spanning trees, load-sharing port groups, and so on.
Note. If clients are connected to a wired authentication port through a downstream
third-party switch, the WSS attempts to authenticate based on any traffic coming from the
switch, such as Spanning Tree Protocol (STP) BPDUs. In this case, disable repetitive traffic
emissions such as STP BPDUs from downstream switches. If you want to provide a
management path to a downstream switch, use MAC authentication.
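The following is an added example, not part of the Nortel guide. It classifies raw Ethernet frames captured on a wired authentication segment to show which sources send EAPOL to the PAE group address and which emit STP BPDUs, the two cases described in the 802.1X paragraph and in the note on downstream switches. The sample frames, MAC addresses, and function names are constructed for illustration; the STP group address, LLC header, and EAPOL EtherType are standard IEEE values that the guide does not quote.

```python
import struct

PAE_GROUP = bytes.fromhex("0180c2000003")  # PAE group address quoted in the text
STP_GROUP = bytes.fromhex("0180c2000000")  # IEEE bridge group address used by STP BPDUs
ETHERTYPE_EAPOL = 0x888E                   # 802.1X EAPOL
ETHERTYPE_VLAN = 0x8100                    # 802.1Q tag
LLC_STP = b"\x42\x42\x03"                  # LLC header that precedes a BPDU

def classify(frame: bytes):
    """Return (source MAC, kind) for one raw Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    etype, payload = struct.unpack("!H", frame[12:14])[0], frame[14:]
    if etype == ETHERTYPE_VLAN:            # skip one 802.1Q tag if present
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        etype, payload = struct.unpack("!H", frame[16:18])[0], frame[18:]
    if etype == ETHERTYPE_EAPOL:
        kind = "eapol-pae-group" if dst == PAE_GROUP else "eapol-other-dst"
    elif dst == STP_GROUP and etype <= 1500 and payload[:3] == LLC_STP:
        kind = "stp-bpdu"                  # 802.3 length field followed by STP LLC
    else:
        kind = "other"
    return ":".join(f"{b:02x}" for b in src), kind

def audit(frames):
    """Per source MAC: who sent EAPOL to the PAE group, who sent STP BPDUs."""
    seen = {}
    for frame in frames:
        src, kind = classify(frame)
        seen.setdefault(src, set()).add(kind)
    return {
        "supplicants": sorted(s for s, k in seen.items() if "eapol-pae-group" in k),
        "bpdu_sources": sorted(s for s, k in seen.items() if "stp-bpdu" in k),
    }

# Constructed sample frames (locally administered MACs, not from a real capture).
CLIENT = bytes.fromhex("020000000001")
SWITCH = bytes.fromhex("020000000002")
SAMPLE = [
    PAE_GROUP + CLIENT + struct.pack("!H", ETHERTYPE_EAPOL) + b"\x01\x01\x00\x00",  # EAPOL-Start
    STP_GROUP + SWITCH + struct.pack("!H", 38) + LLC_STP + bytes(35),               # STP BPDU
    b"\xff" * 6 + SWITCH + struct.pack("!H", 0x0800) + bytes(20),                   # other traffic
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A source listed under bpdu_sources is a device whose BPDUs would prompt authentication attempts on the port. If a known 802.1X client is missing from supplicants, its EAPOL frames are not reaching the capture point.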
Caution! When you clear a port, WSS Software ends user sessions that are using the
port.
Note. A cleared port is not placed in any VLANs, not even the default VLAN (VLAN 1).