Configure EAP on an Extreme Integrated Application Hosting Port
Note
This procedure only applies to VSP 4900 Series and VSP 7400 Series.
About this task
Perform this procedure to configure EAP or change the authentication status on Extreme Integrated Application Hosting (IAH) ports. IAH ports are force-authorized by default and are not authenticated by the RADIUS server. You can change this setting so that the IAH ports stay unauthorized.
Procedure
- In the navigation pane, expand .
- Select the IAH port you want to configure.
- Select the EAPOL tab.
- Optional: Select AllowNonEapHost.
- In the Status field, select the required option.
- In the MultiHostMaxClients field, enter a value.
- In the GuestVlanId field, enter a VLAN ID.
- In the FailOpenVlanId field, enter a VLAN ID.
- In the NonEapMaxClients field, enter a value.
- In the EapMaxClients field, enter a value.
- Select MultiHostSingleAuthEnabled.
- In the PortGuestIsid field, type the I-SID to be used as a Guest I-SID.
- In the FailOpenIsid field, type the Fail Open I-SID.
- Select the AdminTrafficControl option as inOut or in.
- Select the LldpAuthEnabled check box to enable LLDP authentication for network access.
- Select ReAuthEnabled.
- In the QuietPeriod field, enter a time interval.
- In the ReAuthPeriod field, enter a time interval.
- In the RetryMax field, type a value.
- Select Apply.
EAPOL Field Descriptions
Use data in the following table to use the EAPOL tab.
Name | Description |
---|---|
PortCapabilities | Shows the capabilities of the Port Access Entity (PAE) associated with the Extreme Integrated Application Hosting (IAH) port. This parameter indicates whether Authenticator functionality, supplicant functionality, both, or neither, is supported by the PAE of the IAH port. The following capabilities are supported by the PAE of the IAH port: |
PortVirtualPortsEnable | Shows the status of the Virtual Ports function for the IAH port. |
PortCurrentVirtualPorts | Shows the current number of virtual ports running on the IAH port. |
PortAuthenticatorEnable | Shows the status of the Authenticator function in the PAE. |
PortSupplicantEnable | Shows the Supplicant function in the PAE. |
AllowNonEapHost | Enables network access to hosts that do not participate in 802.1X authentication. The default is disabled. |
Status | Specifies the authentication status for the IAH port. The default is forceAuthorized. |
MultiHostMaxClients | Specifies the maximum number of supplicants authenticated on the IAH port. |
GuestVlanId | Specifies the VLAN ID to be used as a Guest. Access to unauthenticated hosts connected to the IAH port is provided through this VLAN. 0 indicates that Guest VLAN is not enabled. |
FailOpenVlanId | Specifies the Fail Open VLAN ID for the specific IAH port. If RADIUS server is not reachable on the switch, then all new devices are allowed access to the configured Fail Open VLAN ID. 0 indicates that Fail Open VLAN ID is not enabled. |
NonEapMaxClients | Specifies the maximum number of NEAP authentication MAC addresses allowed on the specific IAH port. 0 indicates that NEAP authentication is disabled. |
EAPMaxClients | Specifies the maximum number of EAP authentication MAC addresses allowed on the specific IAH port. 0 indicates that EAP authentication is disabled. |
MultiHostSingleAuthEnabled | Enables the functionality for network access to the unauthenticated devices only after an EAP or NEAP client is successfully authenticated on the IAH port. The VLAN ID to which the devices are allowed access is the authenticated client's VLAN. The default is disabled. |
PortGuestIsid | Specifies the I-SID to be used as a Guest I-SID. Access to unauthenticated hosts connected to the IAH port is provided through this I-SID. 0 indicates that Guest I-SID is not enabled for this port. |
FailOpenIsid | Specifies the Fail Open I-SID for the IAH port. If the switch declares the RADIUS servers unreachable, then all new devices are allowed access into the configured Fail Open I-SID. 0 indicates that Fail Open I-SID is not enabled for this port. |
FlexUniStatus | Displays the current Flex-UNI status for this IAH port. |
AdminTrafficControl | Configures the Administrative Traffic Control. The default is inOut. |
OperTrafficControl | Displays the current Operational Traffic Control status. |
LldpAuthEnabled | Enables LLDP authentication for this IAH port. The default is disabled. |
PortOrigin | Specifies the source of EAP configuration on the IAH port: |
DynamicMHSAEnabled | Displays the Dynamic MHSA configuration status. |
TrafficControlOrigin | Indicates the origin of Traffic Control configuration on the port. The supported values are: |
Authenticate | Shows the current Authenticator Port Access Entity (PAE) authenticate status. |
Authenticated | Shows the current Authenticator Port Access Entity (PAE) authenticated status. |
Failed | Shows the current Authenticator Port Access Entity (PAE) failure status. |
ReAuthEnabled | Enables reauthentication of an existing supplicant based on the specified reauthentication time interval. The default is disabled. |
QuietPeriod | Specifies the time interval (in seconds) between authentication failure and start of authentication. |
ReauthPeriod | Specifies the time interval (in seconds) between successive reauthentications. The default is 3600 (1 hour). |
RetryMax | Specifies the maximum Extensible Authentication Protocol (EAP) requests sent to the supplicant before timing out the session. The default is 2. |
RetryCount | Specifies the maximum number of retries attempted. |
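
Several of the fields above let traffic onto an IAH port without a successful RADIUS-backed authentication. The following added example (not part of the product documentation or the switch software) audits one port's EAPOL-tab values for those settings. The dict layout and the function name `audit_iah_eap` are assumptions; the field names, defaults and the "0 means not enabled" rule are taken from the table.

```python
# Added example: audit one IAH port's EAPOL-tab values for settings that admit
# traffic without RADIUS-backed authentication. Field names, defaults and the
# "0 = not enabled" rule are from the table; the dict layout is an assumption.

ZERO_MEANS_OFF = {
    "GuestVlanId": "unauthenticated hosts get access through this Guest VLAN",
    "PortGuestIsid": "unauthenticated hosts get access through this Guest I-SID",
    "FailOpenVlanId": "new devices are admitted to this VLAN when RADIUS is unreachable",
    "FailOpenIsid": "new devices are admitted to this I-SID when RADIUS is unreachable",
}

def audit_iah_eap(port):
    """Return [(field, finding)] for one port; missing keys use documented defaults."""
    findings = []
    if port.get("Status", "forceAuthorized") == "forceAuthorized":
        findings.append(("Status", "force-authorized: the RADIUS server is not consulted"))
    if port.get("AllowNonEapHost", False):
        findings.append(("AllowNonEapHost",
                         "hosts that do not participate in 802.1X get access "
                         f"(NonEapMaxClients={port.get('NonEapMaxClients', 0)})"))
    if port.get("MultiHostSingleAuthEnabled", False):
        findings.append(("MultiHostSingleAuthEnabled",
                         "unauthenticated devices join the authenticated client's VLAN"))
    for field, why in ZERO_MEANS_OFF.items():
        value = port.get(field, 0)  # assumption: an absent field means 0 (not enabled)
        if value != 0:
            findings.append((field, f"{why} (value {value})"))
    if not port.get("ReAuthEnabled", False):
        findings.append(("ReAuthEnabled", "existing supplicants are never reauthenticated"))
    return findings

# Constructed sample ports (not taken from a real switch).
DEFAULT_PORT = {}  # every field left at its documented default
REVIEWED_PORT = {
    "Status": "auto",  # IEEE 802.1X port-control name; the page does not list the options
    "FailOpenVlanId": 50,
    "ReAuthEnabled": True,
    "ReauthPeriod": 3600,
}

if __name__ == "__main__":
    for name, port in (("default", DEFAULT_PORT), ("reviewed", REVIEWED_PORT)):
        print(name)
        for field, finding in audit_iah_eap(port):
            print(f"  {field}: {finding}")
```

A port left at its defaults is reported for Status and ReAuthEnabled; the reviewed port is reported only for its Fail Open VLAN, which is a deliberate availability trade-off to confirm rather than an error.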