802.1X Commands
page 44-12 OmniSwitch 6250 CLI Reference Guide November 2009
802.1x non-supplicant policy authentication
Configures a non-supplicant device classification policy for an 802.1x port. This type of policy uses MAC
authentication via a remote RADIUS server. A non-supplicant is a device that does not support using the
802.1x protocol for authentication.
802.1x slot/port non-supplicant policy authentication [[pass] {group-mobility | vlan vid | default-vlan | block | captive-portal}] [[fail] {group-mobility | vlan vid | default-vlan | block | captive-portal}]
Syntax Definitions
slot/port        The slot and port number of the 802.1x port.
pass             Indicates which policies to apply if MAC authentication is successful
                 but does not return a VLAN ID or the VLAN ID returned does not exist.
fail             Indicates which policies to apply if MAC authentication fails.
group-mobility   Use Group Mobility rules for device classification.
vlan vid         Use this VLAN ID number for device classification.
default-vlan     Assigns supplicant to the default VLAN for the 802.1x port.
block            Blocks supplicant traffic on the 802.1x port.
captive-portal   Use Captive Portal for web-based device classification.
Defaults
When 802.1x is enabled on the port, all non-supplicant traffic is blocked by default.
Platforms Supported
OmniSwitch 6250
Usage Guidelines
• Non-supplicant device classification policies are applied only when successful MAC authentication
does not return a VLAN ID, returns a VLAN ID that does not exist, or MAC authentication fails.
• When MAC authentication does return a VLAN ID that exists in the switch configuration, the supplicant
is assigned to that VLAN and no further classification is performed.
• When multiple parameters are configured, the policy is referred to as a compound non-supplicant
policy. Such policies use the pass and fail parameters to specify which policies to use when MAC
authentication is successful and which to use when it fails.
• The pass keyword is implied and therefore an optional keyword. If the fail keyword is not used, the
default action is to block the device when authentication fails.
• The order in which the parameters are specified determines the order in which they are applied.
However, this type of policy must end with one of the default-vlan, block, or captive-portal parameters,
referred to as terminal parameters (or policies). This applies to both pass and fail policies. If a
terminal parameter is not specified, the block parameter is used by default.
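
The defaulting rules in the usage guidelines above, worked through in Python as an added example (not from the OmniSwitch guide or the switch software): it parses one policy command into its effective pass and fail chains, applying the implied pass keyword and the block default. The function names parse_policy and fail_grants_access are hypothetical, the sample commands are constructed, and flagging any fail chain other than block alone is an audit heuristic assumed here, not a rule from the guide.

```python
import re

TERMINAL = {"default-vlan", "block", "captive-portal"}
KEYWORDS = TERMINAL | {"group-mobility"}
CMD = re.compile(r"^802\.1x\s+(\d+/\d+)\s+non-supplicant\s+policy\s+authentication\b(.*)$")

def _finish(chain):
    # A chain must end with a terminal policy; block is used when none is given.
    if not chain or chain[-1] not in TERMINAL:
        return chain + ["block"]
    return chain

def parse_policy(line):
    """Return the effective pass and fail chains for one policy command."""
    m = CMD.match(line.strip())
    if not m:
        raise ValueError("not a non-supplicant authentication policy command")
    tokens = m.group(2).split()
    chains = {"pass": [], "fail": []}
    current = "pass"  # the pass keyword is implied
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok in chains:
            current = tok
        elif tok == "vlan":
            if i + 1 >= len(tokens) or not tokens[i + 1].isdigit():
                raise ValueError("vlan must be followed by a VLAN ID")
            chains[current].append("vlan " + tokens[i + 1])
            i += 1
        elif tok in KEYWORDS:
            chains[current].append(tok)
        else:
            raise ValueError("unknown parameter: " + tok)
        i += 1
    return {"port": m.group(1), "pass": _finish(chains["pass"]),
            "fail": _finish(chains["fail"])}

def fail_grants_access(policy):
    # Audit heuristic (assumption): a fail chain other than block alone can
    # classify devices that failed MAC authentication instead of blocking them.
    return policy["fail"] != ["block"]

if __name__ == "__main__":
    # Constructed sample commands; slot/port and VLAN numbers are made up.
    for cmd in ("802.1x 3/1 non-supplicant policy authentication vlan 10",
                "802.1x 3/2 non-supplicant policy authentication pass group-mobility fail vlan 43"):
        p = parse_policy(cmd)
        print(p, "REVIEW fail chain" if fail_grants_access(p) else "fail blocks")
```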