EAP Functionality on Flex UNI Ports

After you enable EAP on a port, all client MACs (MHMV mode) must be authenticated by the RADIUS server in order to have network access. In Multiple Host Multiple VLAN (MHMV) mode, the RADIUS server allocates a MAC to I-SID binding to each client that connects to the switch and uses it to transmit traffic. The binding is not between the MAC and the VLAN. Untagged S-UNIs generated from the RADIUS server for a MAC or MACs are considered as MAC-based S-UNIs.

The RADIUS server also provides the VLAN:ISID binding for the MAC, which results in the addition of an untagged Switched UNI (S-UNI) for that particular I-SID. Only the MAC or MACs that receive the I-SID from the RADIUS server can transmit traffic to Extensible Authentication Protocol (EAP)-enabled Flex UNI ports.

The switch uses MAC-based S-UNIs with EAP-enabled Flex UNI ports in MHMV mode only.

The MAC-based S-UNI model does not apply to MHSA mode. In Multiple Host Single Authentication (MHSA) mode used in the untagged S-UNI model that exists on VOSS switches. S-UNIs generated from the information obtained from the RADIUS server are considered as classic or default untagged S-UNIs.

Note

Note

EAP is not supported on MLT/SMLTs. Only the EAP I-SIDs are synchronized between one vIST peer and another vIST peer. S-UNIs are not synchronzied with the vIST peer.

EAP with Flex UNI is supported on Distributed Virtual Routing (DvR) Leafs. An untagged S-UNI (where the system learns MACs based on the I-SID to MAC binding) must have a platform VLAN associated with it. If a default untagged S-UNI is used, the corresponding S-UNI must be received from the DvR Controllers.