802.1X Commands
page 44-18 OmniSwitch 6250 CLI Reference Guide November 2009
802.1x captive-portal policy authentication
Configures a Captive Portal device classification policy for an 802.1x port. This type of policy classifies
both supplicants and non-supplicants that have attempted network access using web-based authentication.
802.1x slot/port captive-portal policy authentication pass {group-mobility | vlan vid | default-vlan |
block}] [fail] {group-mobility | vlan vid | default-vlan | block}
Syntax Definitions
slot/port The slot and port number of the 802.1x port.
pass Indicates which policies to apply if authentication is successful but does
not return a VLAN ID or the VLAN ID returned does not exist.
fail Indicates which policies to apply if authentication fails.
group-mobility Use Group Mobility rules for device classification.
vlan vid Use this VLAN ID number for device classification.
default-vlan Assigns the device to the default VLAN for the 802.1x port.
block Blocks device traffic on the 802.1x port.
Defaults
A default Captive Portal policy is automatically configured when 802.1x is enabled on a port. This default
policy uses the default-vlan parameter for the pass case and the block parameter for the fail case.
Platforms Supported
OmniSwitch 6250
Usage Guidelines
• Captive Portal device classification policies are applied only when successful web-based authentica-
tion does not return a VLAN ID, returns a VLAN ID that does not exist, or when web-based authenti-
cation fails.
• When web-based authentication does return a VLAN ID that exists in the switch configuration, the
device is assigned to that VLAN and no further classification is performed.
• When multiple parameters are configured, the policy is referred to as a compound non-supplicant
policy. Such policies use the pass and fail parameters to specify which policies to use when MAC
authentication is successful and which to use when it fails.
• If the fail keyword is not used, the default action is to block the device when authentication fails.
• The order in which the parameters are specified determines the order in which they are applied.
However, this type of policy must end with either the default-vlan or block parameters, referred to as
terminal parameters (or policies). This applies to both pass and fail policies.
• Captive Portal policies are applied only to 802.1x enabled mobile ports that are configured with an
802.1x supplicant or non-supplicant policy that specifies the use of Captive Portal web-based authenti-
cation.
To Next Page
Loading...
