Alcatel 9000 Guía de usuario Pagina 472
- Pagina / 702
- Tabla de contenidos
- MARCADORES
Valorado. / 5. Basado en revisión del cliente
Configuring Access Guardian Policies Configuring 802.1X
page 23-16 OmniSwitch 6800/6850/9000 Network Configuration Guide June 2006
Supplicant Policy Examples
The following table provides example supplicant policy commands and a description of how the resulting
policy is applied to classify supplicant devices:
Configuring Non-supplicant Policies
Non-supplicant policies are used to classify non-802.1x devices connected to 802.1x-enabled switch ports.
There are two types of non-supplicant policies. One type uses MAC authentication to verify the non-
802.1x device. The second type does not perform any authentication and limits device assignment only to
those VLANs that are not authenticated VLANs.
To configure a non-supplicant policy that will perform MAC authentication, use the 802.1x non-suppli-
cant policy authentication command. The following keywords are available with this command to spec-
ify one or more policies for classifying devices:
When multiple policies are specified, the policy is referred to as a compound non-supplicant policy. Note
that the order in which parameters are configured determines the order in which they are applied.
Supplicant Policy Command Example Description
802.1x 1/24 supplicant policy authentication pass
group-mobility default-vlan fail vlan 43 block
If the 802.1x authentication process is successful
but does not return a VLAN ID for the device, then
the following occurs:
1 Group Mobility rules are applied.
2 If Group Mobility classification fails, then the
device is assigned to the default VLAN for
port 1/24.
If the device fails 802.1x authentication, then the
following occurs:
1 If VLAN 43 exists and is not an authenticated
VLAN, then the device is assigned to
VLAN 43.
2 If VLAN 43 does not exist or is an authenti-
cated VLAN, then the device is blocked from
accessing the switch on port 1/24.
802.1x 1/48 supplicant policy authentication
group-mobility vlan 127 default-vlan
If the 802.1x authentication process is successful
but does not return a VLAN ID for the device, then
the following occurs:
1 Group Mobility rules are applied.
2 If Group Mobility classification fails, then the
device is assigned to VLAN 127.
3 If VLAN 127 does not exist, then the device is
assigned to the default VLAN for port 1/48.
If the device fails 802.1x authentication, the device
is blocked on port 1/48.
supplicant policy keywords
group mobility
vlan
default-vlan
block
pass
fail
- OmniSwitch 6800 Series 1
- OmniSwitch 6850 Series 1
- OmniSwitch 9000 Series 1
- Network Configuration Guide 1
- Contents 3
- About This Guide 29
- Who Should Read this Manual? 30
- What is in this Manual? 30
- What is Not in this Manual? 31
- Documentation Roadmap 32
- Related Documentation 34
- • Release Notes 35
- User Manual CD 36
- Technical Support 36
- In This Chapter 37
- Ethernet Specifications 38
- Non Combo Port Defaults 39
- Combo Ethernet Port Defaults 39
- Ethernet Ports Overview 40
- Autonegotiation Guidelines 43
- Resetting Statistics Counters 45
- Flood Only Rate Limiting 46
- Multicast Flood Rate Limiting 47
- Configuring a Port Alias 48
- Setting Interface Line Speed 50
- Configuring Duplex Mode 51
- 2 Managing Source 63
- Learning 63
- Source Learning Defaults 64
- MAC Address Table Overview 66
- Using Static MAC Addresses 66
- 3 Using 802.1s Multiple 71
- Spanning Tree 71
- MST Specifications 72
- MST Region Defaults 73
- MST General Overview 74
- MST Configuration Overview 80
- -> bridge protocol mstp 81
- Switch A Switch B 86
- 4 Configuring Learned 91
- Port Security 91
- Understanding the LPS Table 96
- 5 Configuring VLANs 101
- VLAN Specifications 102
- VLAN Defaults 102
- Sample VLAN Configuration 103
- VLAN Management Overview 104
- Creating/Modifying VLANs 105
- -> vlan 255 stp disable 110
- -> vlan 755 stp enable 110
- OmniSwitch 9700 114
- 6 Configuring Spanning Tree 117
- Parameters 117
- Spanning Tree Specifications 118
- Spanning Tree Overview 120
- Topology Examples 123
- Spanning Tree Operating Modes 125
- Using 1x1 Spanning Tree Mode 126
- Configuring Port Priority 140
- Configuring Port Path Cost 141
- Configuring Port Mode 144
- Example Network Overview 147
- 7 Assigning Ports 151
- Port Assignment Defaults 152
- Sample VLAN Port Assignment 153
- Mobile Tag Enabled 156
- Default VLAN 156
- IP Network 130.0.0.0 157
- IP Network 138.0.0.0 157
- VLAN Rule Classification 158
- -> vlan port mobile 4/1 161
- What is a Secondary VLAN? 163
- OmniSwitch 164
- Enable/Disable Default VLAN 166
- Port Properties 169
- 8 Configuring Port Mapping 171
- Port Mapping Specifications 172
- Port Mapping Defaults 172
- Example Port Mapping Overview 175
- 9 Defining VLAN Rules 177
- VLAN Rules Specifications 178
- VLAN Rules Defaults 178
- VLAN Rules Overview 180
- DHCP Rules 181
- Binding Rules 182
- MAC Address Rules 182
- Network Address Rules 182
- Protocol Rules 182
- Port Rules 183
- Defining DHCP MAC Range Rules 189
- Defining DHCP Port Rules 189
- Defining DHCP Generic Rules 190
- Defining Binding Rules 190
- Defining MAC Address Rules 193
- Defining MAC Range Rules 194
- Defining Protocol Rules 196
- Defining Port Rules 197
- The VLANs 198
- DHCP Servers and Clients 198
- Servers 200
- Clients 200
- Configuration” on page 9-3 201
- 10 Using Interswitch 203
- Protocols 203
- AIP Specifications 204
- AMAP Defaults 204
- AMAP Overview 205
- Discovery 206
- Transmission State 206
- Configuring AMAP 207
- -> show amap 208
- -> amap common 600 208
- -> amap common time 600 208
- Displaying AMAP Information 209
- 11 Configuring 802.1Q 211
- 802.1Q Specifications 212
- 802.1Q Defaults Table 212
- 802.1Q Overview 213
- Configuring an 802.1Q VLAN 215
- Configuring the Frame Type 216
- Show 802.1Q Information 217
- Application Example 218
- 12 Configuring IP 221
- IP Specifications 222
- IP Defaults 222
- IP Overview 224
- Additional IP Protocols 225
- Configuring IP IP Forwarding 229
- Creating a Static Route 230
- Creating a Default Route 230
- Local Proxy ARP 232
- ARP Filtering 233
- IP Configuration 234
- Setting the Decay Value 238
- Enabling DoS Traps 238
- Managing IP 240
- Configuring IP Managing IP 241
- Enabling All ICMP Types 242
- Using the Ping Command 243
- Tracing an IP Route 244
- Displaying TCP Information 244
- Displaying UDP Information 244
- 13 Configuring Static Link 247
- Aggregation 247
- -> static linkagg 5 size 8 254
- -> no static linkagg 5 254
- 14 Configuring Dynamic Link 259
- -> lacp linkagg 2 size 8 269
- -> no lacp linkagg 2 269
- Aggregate Group 270
- Administrative Key 273
- Configuration and Statistics 291
- 15 Configuring IPv6 293
- IPv6 Specifications 294
- IPv6 Defaults 294
- IPv6 Overview 296
- IPv6 Addressing 297
- IPv6 Address Prefix Notation 298
- Tunneling IPv6 over IPv4 299
- 6to4 Site 300
- IPv4 Domain 300
- 6to4 Host 300
- IPv6 Domain 301
- IPv6 Site 301
- Configuring an IPv6 Interface 302
- Modifying an IPv6 Interface 303
- Removing an IPv6 Interface 303
- Assigning IPv6 Addresses 304
- Removing an IPv6 Address 305
- 16 Configuring RIP 309
- RIP Specifications 310
- RIP Defaults 310
- RIP Overview 312
- RIP Routing 313
- Loading RIP 314
- Enabling RIP 314
- Creating a RIP Interface 315
- Enabling a RIP Interface 315
- RIP Routing Configuring RIP 316
- -> ip rip route-tag 1 316
- RIP Options 317
- RIP Redistribution 318
- RIP Security 322
- 17 Configuring RDP 325
- RDP Specifications 326
- RDP Defaults 326
- Reference Guide 328
- RDP Interfaces 330
- Security Concerns 331
- Enabling/Disabling RDP 332
- Creating an RDP Interface 332
- 18 Configuring DHCP Relay 337
- DHCP Relay Specifications 338
- DHCP Relay Defaults 339
- DHCP Relay Overview 341
- DHCP and the OmniSwitch 342
- DHCP Relay and Authentication 342
- Internal DHCP Relay 344
- DHCP Relay Implementation 345
- Setting the Forward Delay 346
- Setting Maximum Hops 347
- Using DHCP Snooping 352
- Enabling DHCP Snooping 353
- VLAN-Level DHCP Snooping 354
- Configuring Rate Limiting 356
- 19 Configuring VRRP 359
- VRRP Specifications 360
- VRRP Defaults 360
- 4 Enable VRRP on each switch 361
- VRRP Overview 362
- Why Use VRRP? 363
- VRRP MAC Addresses 364
- VRRP Startup Delay 364
- VRRP Tracking 365
- Configuration Overview 366
- Setting VRRP Traps 370
- Setting VRRP Startup Delay 370
- Creating Tracking Policies 371
- Master 1 373
- Backup 2 373
- Backup 1 373
- Master 2 373
- 20 Configuring IPX 377
- IPX Specifications 378
- IPX Defaults 378
- IPX Overview 380
- Configuring IPX IPX Overview 381
- IPX Routing 382
- Configuring IPX IPX Routing 383
- -> ipx default-route 222 383
- Using the PING Command 386
- IPX RIP/SAP Filtering 387
- Configuring RIP Filters 388
- Configuring SAP Filters 388
- Configuring GNS Filters 389
- IPX RIP/SAP Filter Precedence 390
- 21 Managing Authentication 393
- Server Defaults 395
- Server Overview 397
- OmniSwitch 6648 398
- ACE/Server 400
- RADIUS Servers 401
- Configuring the RADIUS Client 406
- LDAP Servers 407
- LDAP Server Details 408
- Directory Entries 409
- Directory Searches 410
- Directory Modifications 410
- Directory Compare and Sort 411
- The LDAP URL 411
- LDAP Accounting Attributes 414
- AccountStopTime 415
- AccountFailTime 415
- Dynamic Logging 416
- 22 Configuring 421
- Authenticated VLANs 421
- AVLAN Configuration Overview 424
- Sample AVLAN Configuration 425
- Telnet Authentication Client 427
- -> aaa avlan http language 428
- SSL for Web Browser Clients 431
- Installing the AV-Client 432
- Windows 95 433
- Windows 2000 and Windows NT 433
- button. The software 435
- Windows 95 and Windows 98 436
- Selecting a Dialog Mode 439
- Viewing AV-Client Components 440
- Logging Off the AV-Client 442
- Delay for IP Address Request 443
- Releasing the IP Address 443
- • MAC-Port-IP address 448
- • MAC-Port 448
- Setting Up a DNS Path 449
- Setting Up the DHCP Server 449
- Before Authentication 450
- After Authentication 450
- Configuring Single Mode 452
- 23 Configuring 802.1X 457
- 802.1X Specifications 458
- 802.1X Defaults 458
- 802.1X Overview 462
- 802.1X Ports and DHCP 463
- Re-authentication 463
- 802.1X Accounting 464
- Policy Types 465
- Enabling 802.1X on Ports 467
- -> 802.1x 3/1 direction in 468
- Initializing an 802.1X Port 469
- Supplicant Policy Examples 472
- 24 Managing Policy 477
- Policy Server Specifications 478
- Policy Server Defaults 478
- Policy Server Overview 479
- Modifying Policy Servers 480
- Modifying the Port Number 481
- Modifying the Searchbase 481
- Interaction With CLI Policies 483
- 25 Using ACL Manager 485
- ACLMAN Defaults 486
- Quick Steps for Creating ACLs 487
- ACLMAN Overview 489
- ACL Text Files 490
- ACL Precedence 490
- Using the ACLMAN Shell 491
- ACLMAN Modes and Commands 492
- ACLMAN User Privileges 498
- Configuring ACLs 500
- Saving the ACL Configuration 503
- Importing ACL Text Files 504
- 26 Configuring QoS 507
- QoS Specifications 508
- QoS General Overview 509
- QoS Policy Overview 510
- Condition Combinations 512
- Action Combinations 514
- QoS Defaults 515
- QoS Port Defaults 516
- Policy Rule Defaults 516
- Policy Action Defaults 517
- Default (Built-in) Policies 517
- QoS Configuration Overview 518
- Enabling/Disabling QoS 519
- Using the QoS Log 520
- Log Detail Level 521
- Forwarding Log Events 521
- Displaying the QoS Log 522
- Clearing the QoS Log 523
- Verifying Global Settings 524
- QoS Ports and Queues 525
- Configuring Queuing Schemes 526
- Trusted and Untrusted Ports 528
- Configuring Trusted Ports 529
- Creating Policies 531
- ASCII-File-Only Syntax 532
- Creating Policy Conditions 533
- Creating Policy Actions 534
- Removing Action Parameters 535
- Deleting a Policy Action 535
- Creating Policy Rules 536
- Disabling Rules 537
- Rule Precedence 537
- Saving Rules 537
- Logging Rules 538
- Deleting Rules 538
- Testing Conditions 539
- Sample Group Configuration 542
- Creating Network Groups 543
- Creating Services 544
- Creating Service Groups 545
- Creating MAC Groups 546
- Creating Port Groups 547
- Egress Bandwidth Shaping 548
- Example 1: Source Port Group 549
- Using Map Groups 551
- How Map Groups Work 552
- Creating Map Groups 552
- Applying the Configuration 554
- Flushing the Configuration 555
- Policy Applications 557
- Network 1 558
- 10.10.4.0 558
- Redirection Policies 559
- ICMP Policy Example 560
- Network C 561
- Policy Based Routing 562
- 10.3.0.0 563
- 173.5.1.0 563
- 173.10.2.0 563
- 174.26.1.0 563
- 27 Configuring ACLs 565
- ACL Specifications 566
- ACL Defaults 567
- Valid Combinations 570
- ACL Configuration Overview 571
- Layer 2 ACLs 574
- Layer 3 ACLs 575
- Multicast Filtering ACLs 576
- Using ACL Security Features 578
- Configuring ICMP Drop Rules 581
- ACL Application Example 584
- 28 Configuring IP Multicast 585
- Switching 585
- IPMS Specifications 587
- IPMSv6 Specifications 587
- IPMS Default Values 588
- IPMSv6 Default Values 588
- IPMS Overview 589
- IP Multicast Routing 590
- IGMP Version 3 591
- Configuring IPMS on a Switch 592
- Configuring the IGMP Version 593
- Restoring the IGMP Version 593
- Removing an IGMP Static Group 595
- Modifying IPMS Parameters 596
- Last Member Query Interval 597
- Modifying the Source Timeout 599
- Enabling the IGMP Querying 600
- Disabling the IGMP Querying 600
- Enabling the IGMP Spoofing 601
- Disabling the IGMP Spoofing 601
- Enabling the IGMP Zapping 602
- Disabling the IGMP Zapping 602
- IPMSv6 Overview 603
- MLD version 2 604
- Configuring the MLD Version 2 606
- Restoring the MLD Version 1 606
- Removing an MLD Static Group 608
- Modifying IPMSv6 Parameters 609
- Restoring the Source Timeout 612
- Enabling the MLD Querying 612
- Disabling the MLD Querying 612
- Enabling the MLD Spoofing 614
- Disabling the MLD Spoofing 614
- Enabling the MLD Zapping 615
- Disabling the MLD Zapping 615
- IPMS Application Example 616
- IPMSv6 Application Example 618
- 29 Diagnosing Switch 623
- Problems 623
- Port Mirroring Overview 625
- Port Monitoring Overview 627
- RMON Specifications 632
- RMON Probe Defaults 633
- Switch Health Overview 634
- Switch Health Defaults 635
- Port Mirroring 636
- Creating a Mirroring Session 639
- Deleting A Mirroring Session 642
- Port Monitoring 643
- Receiver 648
- Configuring a sFlow Session 649
- Displaying a sFlow Receiver 650
- Displaying a sFlow Sampler 651
- Displaying a sFlow Poller 651
- Displaying a sFlow Agent 652
- Deleting a sFlow Session 652
- Ethernet Statistics 654
- Displaying RMON Tables 656
- • memory 662
- • temperature 662
- Viewing Sampling Intervals 663
- 30 Using Switch Logging 667
- Switch Logging Specifications 668
- Switch Logging Defaults 669
- Switch Logging Overview 671
- Enabling Switch Logging 672
- Specifying the Severity Level 674
- Removing the Severity Level 675
- -> swlog clear 677
- A Software License 679
- Alcatel License Agreement 680
- C. Linux 683
- E. University of California 688
- G.Random.c 688
- H. Apptitude, Inc 689
- I. Agranat 689
- J. RSA Security Inc 689
- K. Sun Microsystems, Inc 689
- L. Wind River Systems, Inc 690
- Numerics 691
Relacionado con productos y manuales para Software Alcatel 9000
Software Alcatel 2.2-R02 Guía para resolver problemas
(560 paginas)
(560 paginas)
Software Alcatel 2.3) Guía de usuario
(96 paginas)
(96 paginas)
© 2020, manymanuals.es. Todos los derechos reservados | 0.277 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentarios a estos manuales