Cray System Management Documentation > Cray System Management (CSM) Administration Guide > network > Management Network User Guide > Aruba Installation and Configuration Guide > 802.1X

802.1X

IEEE 802.1X is an IEEE standard for port-based network access control (PNAC). This standard provides an authentication mechanism to devices wishing to attach to a LAN or WLAN. IEEE 802.1X defines the encapsulation of the Extensible Authentication Protocol (EAP) over IEEE 802, which is known as EAP over LAN (EAPOL).

NOTE Port security is a feature of “edge” switches such as 63/6400, and it is not available on 83xx.

Configuration Commands

Enter 802.1X authenticator context:

switch(config)# aaa authentication port-access dot1x authenticator

Enable 802.1X authentication:

switch(config-dot1x-auth)# enable

Configure 802.1X authentication method:

switch(config-dot1x-auth)# chap-radius|eap-radius

Configure RADIUS server group for 802.1X:

switch(config-dot1x-auth)# radius server-group NAME

Enter 802.1X authenticator context on a port:

switch(config-if)# aaa authentication port-access dot1x
authenticator

Enable 802.1X authentication on a port:

switch(config-if-dot1x-auth)# enable

Enable cached re-authentication on a port:

switch(config-if-dot1x-auth)# cached-reauth

Configure cached re-authentication period on a port:

switch(config-if-dot1x-auth)# cached-reauth-period VALUE

Configure maximum authentication attempts on a port:

switch(config-if-dot1x-auth)# max-retries VALUE

Configure quiet period on a port:

switch(config-if-dot1x-auth)# quiet-period VALUE

Enable periodic re-authentication on a port:

switch(config-if-dot1x-auth)# reauth

Configure re-authentication period on a port:

switch(config-if-dot1x-auth)# reauth-period VALUE

Configure discovery period on a port:

switch(config-if-dot1x-auth)# discovery-period VALUE

Configure EAPOL timeout on a port:

switch(config-if-dot1x-auth)# eapol-timeout VALUE

Configure maximum EAPOL requests on a port:

switch(config-if-dot1x-auth)# max-eapol-requests VALUE

Configure force authorized on a port:

switch(config-if-dot1x-auth)# authorized

Show commands to validate functionality: :

show aaa authentication port-access dot1x authenticator interface <IFACE|all> <port-statistics|client-status> [mac MAC-ADDR]

Expected Results

Expected outcomes following configuration:

Administrators can enable dot1x authentication
Administrators are able to authenticate using the specified dot1x authentication method
The output of the show commands looks correct

Back to Index