Nortel Networks 42C4911 Switch User Manual


 
Alteon OS Application Guide
Chapter 2: Port-based Network Access Control
42C4911, January 2007
Configuration Guidelines
When configuring EAPoL, consider the following guidelines:
- The 802.1x port-based authentication is currently supported only in point-to-point configurations, that is, with a single supplicant connected to an 802.1x-enabled switch port.
- When 802.1x is enabled, a port has to be in the authorized state before any other Layer 2 feature can be operationally enabled. For example, the STG state of a port is operationally disabled while the port is in the unauthorized state.
- The 802.1x supplicant capability is not supported. Therefore, none of the switch's ports can successfully connect to an 802.1x-enabled port of another device, such as another switch, that acts as an authenticator, unless access control on the remote port is disabled or is configured in force-authorized mode. For example, if a GbESM is connected to another GbESM, and if 802.1x is enabled on both switches, the two connected ports must be configured in force-authorized mode.
- The 802.1x standard has optional provisions for supporting dynamic virtual LAN assignment via RADIUS tunnelling attributes, for example, Tunnel-Type (=VLAN), Tunnel-Medium-Type (=802), and Tunnel-Private-Group-ID (=VLAN ID). These attributes are not supported and might affect 802.1x operations. Other unsupported attributes include Service-Type, Session-Timeout, and Termination-Action.
- RADIUS accounting service for 802.1x-authenticated devices or users is not supported.
- Configuration changes performed using SNMP and the standard 802.1x MIB will take effect immediately.