Manualshelf

User Guide

ManualsBrandsAlcatel-Lucent ManualsOtherOMNIACCESS SAFEGUARD CONTROLLER
261262263264265266267268269270
OmniAccess SafeGuard OS Administration Guide
265
Chapter 6: Configuring Authentication and Role Derivation
To configure 802.1x authentication:
1 Prepare for authentication by configuring the following:
One or more RADIUS servers for backend authentication. See Configuring
RADIUS Servers on page 252.
The local user database. See Configuring Rule Maps on page 279.
2 Enable 802.1x authentication globally for the switch, as follows:
By default, 802.1x is disabled. When disabled, the 802.1x configuration is retained
and can be changed, but is not activated.
Use the aaa dot1x system-auth-control command in Global Configuration mode
to enable 802.1x. Use the no version of the command to disable the dot1x
authentication support.
aaa dot1x system-auth-control
no aaa dot1x system-auth-control
These commands have no options or parameters.
The following example enables 802.1x globally:
(SafeGuardOS) #configure terminal
(SafeGuardOS) (config) #aaa dot1x system-auth-control
(SafeGuardOS) (config) #exit
(SafeGuardOS) #
3 Set the port authorization state either globally or at an interface level.
To Set Globally:
To set the port authorization for the entire switch, use the aaa dot1x port-control
all in Global Configuration mode. Use the no version of the command to reinstate
the switch to the default value.
aaa dot1x port-control all [auto | force-authorized | force-
unauthorized
]
NOTE: If you plan to connect the host to a VLAN, complete the VLAN
configuration before setting up 802.1x authentication.
NOTE: This command has a substantial impact on the protection mode of the
switch, see Impact of Protection Modes on 802.1x on page 263 before configuring
these commands.