802.1x and RADIUS server authentication
It is possible to activate the 802.1X Supplicant functionality on a port, which confines the router
to a client role. To do so, use:
set eth2 dot1x supplicant
To specify the credentials used to request the authentication, use:
set dot1x supplicant-login mylogin password mypasswd
The command
show supplicant status
shows the port status, for example:
root@IMOLA-TLC> show supplicant status
DOT1X Supplicant is active on interface(s): eth5
Port  Address            Supplicant PAE  Port-Status    EAP-State
----  -----------------  --------------  -------------  ---------
eth5  00:0d:5a:ce:fa:8d  AUTHENTICATED   Authorized     SUCCESS
If you use the router's own RADIUS server, you must configure the list of valid users and, where
present, their VLAN IDs. To do that, use:
set radius-server add-user gmg password gmg vlan-id 10 20 30 113 500
set radius-server add-user vll password vll vlan-id 10
set radius-server on
The VLAN IDs 10, 20, 30, 113 and 500 are associated with the user gmg, while VLAN ID 10 is
associated with the user vll.
If the authentication is successful, the dynamically created VLANs are automatically associated
with the user that requested the authentication.
For example, if a terminal connected to the eth2 port requests DOT1X authentication and
specifies gmg as the user, then after successful authentication the VLANs eth2.10, eth2.20, eth2.30 and
eth2.113 will be created.
If the authentication is requested with the vll user, only the VLAN eth2.10 will be created.
The VLANs are created in Trunk mode.
If the RADIUS configuration contains a user with only one associated VLAN ID, another user is
implicitly defined, whose name has the "-acc" suffix. Example: with a vll user, there will also be a
vll-acc user.
If the router requests the authentication specifying the user name vll-acc, the corresponding VLAN will
be created in Access mode.
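
The user-to-VLAN rules above, worked through as an added example (not part of the original manual or of the router's software): a Python sketch that parses the set radius-server commands shown in this section, derives the implicit "-acc" users, and lists the Trunk-mode interface names. The function names are hypothetical, and the check for a password equal to the login is an added audit step, not router behaviour.

```python
# Constructed sample: the three commands shown in this section.
SAMPLE_CONFIG = """\
set radius-server add-user gmg password gmg vlan-id 10 20 30 113 500
set radius-server add-user vll password vll vlan-id 10
set radius-server on
"""

def parse_radius_config(text):
    """Return (enabled, users, weak); users maps login -> (mode, [VLAN IDs])."""
    enabled, users, weak = False, {}, []
    for line in text.splitlines():
        tok = line.split()
        if tok == ["set", "radius-server", "on"]:
            enabled = True
        elif (tok[:3] == ["set", "radius-server", "add-user"]
              and len(tok) >= 6 and tok[4] == "password"):
            name, password = tok[3], tok[5]
            # VLAN IDs are optional; non-numeric IDs raise ValueError.
            vlans = [int(v) for v in tok[7:]] if tok[6:7] == ["vlan-id"] else []
            users[name] = ("trunk", vlans)
            if password == name:  # added audit check, not router behaviour
                weak.append(name)
    # A user with exactly one VLAN ID implicitly defines "<name>-acc",
    # whose VLAN is created in Access mode.
    for name, (_, vlans) in list(users.items()):
        if len(vlans) == 1:
            users.setdefault(name + "-acc", ("access", vlans))
    return enabled, users, weak

def trunk_interfaces(port, users, login):
    """Interface names created on `port` for a Trunk-mode login (ethX.N)."""
    mode, vlans = users[login]
    if mode != "trunk":
        raise ValueError(f"{login} is an Access-mode user")
    return [f"{port}.{vid}" for vid in vlans]

if __name__ == "__main__":
    enabled, users, weak = parse_radius_config(SAMPLE_CONFIG)
    print("RADIUS server enabled:", enabled)
    for login, (mode, vlans) in users.items():
        print(f"{login:8} {mode:6} VLAN IDs {vlans}")
    print("eth2, login vll ->", trunk_interfaces("eth2", users, "vll"))
    print("password equals login for:", weak)
```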