1 — ONT and MDU overview
1-22 March 2011 Alcatel-Lucent 7330/7302 ISAM FTTN R04.02.42a
ONT Product Information Guide Edition 01 3FE 54199 AAAA TCZZA
There is one way to identify marginal transmission timing and level problems. If an
ONT that transmits marginally (because of timing or optical signal levels) does range,
upstream data from that ONT, and possibly from other ONTs on the PON, will be
corrupted. Increasing rates of becup (Bit Error Count Upstream) statistics are seen.
The becup counters of the marginally transmitting ONT increase the fastest. Other
ONTs may see smaller increases.
1.9 802.1x authentication
The P-OLT maintains the 802.1x authentication state by terminating the 802.1x
protocol and authenticates end users using the RADIUS server. The ONT provides
the filters for blocking and unblocking a local area network (LAN) port on the ONT.
After the system authenticates a port using 802.1x, the user can use DHCP or PPP.
The 802.1x protocol can be enabled or disabled for each OLT system or for each
ONT user-network interface (LAN port).
Port-based authentication
There are two MAC configuration scenarios for authentication:
• When MAXMAC is 1, the first MAC address to be authenticated is learned on the
bridge port for the duration of session timeout (not the FDB aging timeout). The
MAC address is learned on all VLANs configured on the bridge port. No other
MAC addresses are learned.
• When MAXMAC is greater than 1, MAC learning occurs after authentication is
successful. All MAC addresses are learned dynamically and age out using the
FDB aging timer. The system responds with an EAP-Success message if other users
on the port try to authenticate after the port is authorized for traffic.
When the authenticated user logs out, the system performs the following actions:
• closes the port for traffic
• stops accounting for the port
• sends an identity request as multicast over the port to invite any potential users of
the port for authentication
• opens the port for traffic again only after a successful authentication
• sends new identity requests only after the held period expires if the authentication
fails
• sends periodic identity request messages until the port is authenticated
• does not require re-authentication
• flushes the FDB entries that correspond to the port
Note — The 802.1x protocol is only applicable to iBridge mode. In
iBridge mode, VLAN-tagged frames are not supported for 802.1x.
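The two MAXMAC scenarios and the logout actions above can be modeled in a few lines of Python. This is an added example, not code from this guide or from Alcatel-Lucent; the class, method and parameter names are hypothetical, and the behaviors the guide does not state (MAXMAC as a cap on learned addresses, session expiry closing the port, the reply to a second supplicant when MAXMAC is 1) are assumptions marked in the comments.

```python
# Added illustration: toy model of one ONT bridge port under port-based 802.1x.
# All names are hypothetical; they are not ISAM CLI or API identifiers.

class BridgePort:
    def __init__(self, max_mac, session_timeout, fdb_aging):
        self.max_mac = max_mac
        self.session_timeout = session_timeout  # seconds
        self.fdb_aging = fdb_aging              # seconds
        self.authorized = False                 # port blocked until authenticated
        self.fdb = {}                           # learned MAC -> expiry time

    def _expire(self, now):
        self.fdb = {m: t for m, t in self.fdb.items() if t > now}
        if self.max_mac == 1 and self.authorized and not self.fdb:
            self.authorized = False             # assumption: session timeout closes the port

    def authenticate(self, mac, radius_accept, now):
        """Return the EAP result sent to the supplicant."""
        self._expire(now)
        if self.authorized:
            if self.max_mac > 1:
                return "EAP-Success"            # stated in the guide for other users
            # assumption: the guide is silent on this case when MAXMAC is 1
            return "EAP-Success" if mac in self.fdb else "EAP-Failure"
        if not radius_accept:
            return "EAP-Failure"
        self.authorized = True
        if self.max_mac == 1:
            self.fdb = {mac: now + self.session_timeout}  # pinned for the session
        return "EAP-Success"

    def forward(self, mac, now):
        """True if an upstream frame from `mac` passes the port filter."""
        self._expire(now)
        if not self.authorized:
            return False
        if self.max_mac == 1:
            return mac in self.fdb              # no other MAC is learned
        if mac not in self.fdb and len(self.fdb) >= self.max_mac:
            return False                        # assumption: MAXMAC caps the table
        self.fdb[mac] = now + self.fdb_aging    # dynamic learning, aged by FDB timer
        return True

    def logout(self):
        self.authorized = False                 # close the port for traffic
        self.fdb.clear()                        # flush FDB entries for the port
```

With MAXMAC greater than 1, the model forwards frames from a station that never authenticated once any user has opened the port, which is the property to weigh when choosing the value.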