Alcatel-Lucent OmniSwitch 6800 Series - Quick Steps for Configuring Access Guardian Policies

To Next Page

To Previous Page

Configuring 802.1X Quick Steps for Configuring Access Guardian Policies

OmniSwitch 6800/6850/9000 Network Configuration Guide March 2008 page 27-5

Optional. To display the number of 802.1x users on the switch, use the show 802.1x users command:

-> show 802.1x users

Slot MAC Port User

Port Address State Name

-----+------------------+--------------------+-------------------------

3/1 00:60:4f:11:22:33 Connecting user50

3/1 00:60:4f:44:55:66 Held user51

3/1 00:60:4f:77:88:99 Authenticated user52

3/3 00:60:22:15:22:33 Force-authenticated N/A

3/3 00:60:22:44:75:66 Force-authenticated N/A

3/3 00:60:22:37:98:09 Force-authenticated N/A

See the OmniSwitch CLI Reference Guide for information about the fields in this display.

Quick Steps for Configuring Access Guardian

Policies

When 802.1x is enabled for a switch port, default Access Guardian device classification policies are

applied to all devices connected to the port. As a result, it is only necessary to configure such policies if

the default policy is not sufficient for user access requirements. Therefore, the following quick steps are

optional but provide a brief tutorial for configuring Access Guardian policies:

1 To configure an Access Guardian policy that will authenticate and classify 802.1x users (supplicants),

use the 802.1x supplicant policy authentication command.

-> 802.1x 2/12 supplicant policy authentication pass group-mobility default-vlan

fail vlan 10

2 To configure an Access Guardian policy that will authenticate and classify non-802.1x users (non-

supplicants), use the 802.1x non-supplicant policy authentication command.

-> 802.1x 2/12 non-supplicant policy authentication pass group-mobility default-

vlan fail vlan 10

3 To bypass authentication and restrict device classification of non-802.1x users to VLANs that are not

authenticated VLANs, use the 802.1x non-supplicant policy command..

-> 802.1x 3/10 non-supplicant policy vlan 43 block

4 To set the Access Guardian policy back to the default classification policy for an 802.1x port, use the

802.1x policy default command.

-> 802.1x 3/10 policy default

Note. Verify the Access Guardian configuration using the show 802.1x device classification policies

command:

-> show 802.1x device classification policies

Device classification policies on 802.1x port 2/26

Supplicant:

authentication, block

Non-Supplicant:

Other manuals for Alcatel-Lucent OmniSwitch 6800 Series