RackSwitch G8000 Application Guide
Chapter 2: Port-based Network Access Control
45BMD00041, November 2008
Configuration guidelines
When configuring EAPoL, consider the following guidelines:
The 802.1X port-based authentication is currently supported only in point-to-point config-
urations, that is, with a single supplicant connected to an 802.1X-enabled switch port.
When 802.1X is enabled, a port has to be in the authorized state before any other Layer 2
feature can be operationally enabled. For example, the STG state of a port is operationally
disabled while the port is in the unauthorized state.
The 802.1X supplicant capability is not supported. Therefore, none of its ports can suc-
cessfully connect to an 802.1X-enabled port of another device, such as another switch,
that acts as an authenticator, unless access control on the remote port is disabled or is con-
figured in forced-authorized mode. For example, if a G8000 is connected to another
G8000, and if 802.1X is enabled on both switches, the two connected ports must be con-
figured in force-authorized mode.
The 802.1X standard has optional provisions for supporting dynamic virtual LAN
assignment via RADIUS tunnelling attributes, for example, Tunnel-Type (=VLAN),
Tunnel-Medium-Type (=802), and Tunnel-Private-Group-ID (=VLAN id).
These attributes are not supported and might affect 802.1X operations. Other unsupported
attributes include Service-Type, Session-Timeout, and Termination-Action.
RADIUS accounting service for 802.1X-authenticated devices or users is not supported.
Configuration changes performed using SNMP and the standard 802.1X MIB will take
effect immediately.
