Configuring And Displaying 802.1X - Nokia ESB26 User Manual

34.

Configuring and Displaying 802.1X

The BiNOS 802.1X implementation consists of configuring the three participants for
operation. Supplicants that connect to 802.1X authenticators are required to support EAP. The
802.1X implementation needs at least one RADIUS server to be configured. Dot1x works
with every RADIUS server that is compatible with RFC 2865 and RFC 2869, as well as with
every 802.1X supplicant that is compatible with the IEEE 802.1X standard. The RADIUS
server and the supplicant must be configured with the proper authentication identification:
passwords and usernames or certificates and certificate authorities. Third-party supplicants
must also be configured to use the protocol for the adapters and with the appropriate ID
information. This varies depending on the 802.1X supplicant software. The RADIUS server
must be configured with the IP address of any device that requests information. It must also
be configured with a unique key that must also be configured on the switch. Finally, the
RADIUS server must be configured and the switch must be configured as authenticator. For
more information regarding the RADIUS server, see "Understanding and Configuring
Remote Authentication Dial In User Service (RADIUS)".
This setting enables the 802.1X port authentication process and makes the switch an
authenticator. Configured as Authenticator, the switch is able to send the EAP messages to the
supplicant, proxy the information to the configured authentication (RADIUS) server(s), and
act on the messages received from those servers to authorize ports.
The authenticator ports can be in one of three authorization modes: force-authorized (the
default mode), auto and force-unauthorized. To set the ports' mode, proceed according to
the following guidelines:
1. Enter into Interface Configuration mode.
2. Set 802.1X to the particular control type for the specified port. See Setting the Control
Type for a Specified Port.
802.1X Global Configuration Commands
The table below lists the 802.1X global configuration commands.
Table 34-4 802.1X Global Configuration Commands
C o m m a n d
dot1x max-req
dot1x re-authentication
dot1x re-authenticate
dot1x timeout host
MN700004 Rev 01
802.1X Port-Based Authentication
D e s c r i p t i o n
Sets the number of times that the switch sends an EAP-
request/ identity frame to the supplicant before restarting the
authentication process.
Enables periodic re-authentication of the supplicant.
Activates the process of re-authentication on all supplicants and
for all ports.
Sets the supplicants' authentication timeout period.
365