Technical data
BLADE OS 5.1 Application Guide
46
Chapter 2: Port-based Network Access Control BMD00136, November 2009
Configuration Guidelines
When configuring EAPoL, consider the following guidelines:
The 802.1X port-based authentication is currently supported only in point-to-point
configurations, that is, with a single supplicant connected to an 802.1X-enabled switch port.
When 802.1X is enabled, a port has to be in the authorized state before any other Layer 2
feature can be operationally enabled. For example, the STG state of a port is operationally
disabled while the port is in the unauthorized state.
The 802.1X supplicant capability is not supported. Therefore, none of its ports can successfully
connect to an 802.1X-enabled port of another device, such as another switch, that acts as an
authenticator, unless access control on the remote port is disabled or is configured in
forced-authorized mode. For example, if a G8000 is connected to another G8000, and if
802.1X is enabled on both switches, the two connected ports must be configured in
force-authorized mode.
The 802.1X standard has optional provisions for supporting dynamic virtual LAN
assignment via RADIUS tunnelling attributes, for example, Tunnel-Type (=VLAN),
Tunnel-Medium-Type (=802), and Tunnel-Private-Group-ID (=VLAN ID).
These attributes are not supported and might affect 802.1X operations. Other unsupported
attributes include Service-Type, Session-Timeout, and Termination-Action.
RADIUS accounting service for 802.1X-authenticated devices or users is not supported.
Configuration changes performed using SNMP and the standard 802.1X MIB will take effect
immediately.