EasyManua.ls Logo

Alcatel-Lucent OmniSwitch 6800 Series - Supplicant Policy Examples

Alcatel-Lucent OmniSwitch 6800 Series
926 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Configuring Access Guardian Policies Configuring 802.1X
page 27-16 OmniSwitch 6800/6850/9000 Network Configuration Guide March 2008
To configure a compound supplicant policy, use the pass and fail keywords to specify which policies to
apply when 802.1x authentication is successful but does not return a VLAN ID and which policies to
apply when 802.1x authentication fails or returns a VLAN ID that does not exist. The pass keyword is
implied and therefore an optional keyword. If the fail keyword is not used, the default action is to block
the device.
Note. When a policy is specified as a policy to apply when authentication fails, device classification is
restricted to assigning supplicant devices to VLANs that are not authenticated VLANs.
Supplicant Policy Examples
The following table provides example supplicant policy commands and a description of how the resulting
policy is applied to classify supplicant devices:
Supplicant Policy Command Example Description
802.1x 1/24 supplicant policy authentication pass
group-mobility default-vlan fail vlan 43 block
If the 802.1x authentication process is successful
but does not return a VLAN ID for the device, then
the following occurs:
1 Group Mobility rules are applied.
2 If Group Mobility classification fails, then the
device is assigned to the default VLAN for
port 1/24.
If the device fails 802.1x authentication, then the
following occurs:
1 If VLAN 43 exists and is not an authenticated
VLAN, then the device is assigned to
VLAN 43.
2 If VLAN 43 does not exist or is an authenti-
cated VLAN, then the device is blocked from
accessing the switch on port 1/24.
802.1x 1/48 supplicant policy authentication
group-mobility vlan 127 default-vlan
If the 802.1x authentication process is successful
but does not return a VLAN ID for the device, then
the following occurs:
1 Group Mobility rules are applied.
2 If Group Mobility classification fails, then the
device is assigned to VLAN 127.
3 If VLAN 127 does not exist, then the device is
assigned to the default VLAN for port 1/48.
If the device fails 802.1x authentication, the device
is blocked on port 1/48.

Table of Contents

Other manuals for Alcatel-Lucent OmniSwitch 6800 Series

Preview: User Guide
User Guide32 pages
Preview: Management Guide
Management Guide292 pages
Preview: Getting Started Guide
Getting Started Guide32 pages

Related product manuals