Оценок - 1, средний балл: 3
(
)
)
|
Фрагмент инструкции
The following example command configures a BGP peering session using a Loopback0 IP interface address: -> ip bgp neighbor 2.2.2.2 update-source Loopback0 See the OmniSwitch 7700/7800/8800 Advanced Routing Configuration Guide for more information. Chapter 22, “Configuring 802.1X” Quick Steps for Configuring 802.1X On page 22-3 the following two new steps should be added to this section: 6 (Optional) Configure a guest VLAN for the 802.1x port using the 802.1x guest-vlan command. -> 802.1x 3/1 guest-vlan 5 7 (Optional) Configure the number of times supplicant devices are polled for identification using the 802.1x supp-polling retry command. -> 802.1x 3/1 supp-polling retry 10 On page 22-3 of this section replace the Note information about how to display 802.1x configuration and user information with the following: page 1-12 Release 5.1.6.R02 User Guide Supplement June 2005 User Documentation Addendum show 802.1x non-supp Note. Verify the 802.1X port configuration using the show 802.1x command: -> show 802.1x 1/13 802.1x configuration for slot 1 port 13: direction = both, operational directions = both, port-control = auto, quiet-period (seconds) = 60, tx-period (seconds) = 30, supp-timeout (seconds) = 30, server-timeout (seconds) = 30, max-req = 2, re-authperiod (seconds) = 3600, reauthentication = no Guest Vlan ID = 20, Supplicant polling retry count = 2 Optional. To display the number of 802.1x users on the switch, use the show 802.1x users command: ->show 802.1x users Slot MAC Port User Port Address State Name -----+------------------+--------------------+------------------------3/ 1 00:60:4f:11:22:33 Connecting user50 3/1 00:60:4f:44:55:66 Held user51 3/1 00:60:4f:77:88:99 Authenticated user52 3/3 00:60:22:15:22:33 Force-authenticated N/A 3/3 00:60:22:44:75:66 Force-authenticated N/A 3/3 00:60:22:37:98:09 Force-authenticated N/A Optional. To display the number of non-802.1x users learned on the switch, use the show 802.1x nonsupp command: ->show 802.1x non-supp Slot MAC Vlan Port Address Learned -----+-----------------+---------3/ 1 00:61:4f:11:22:33 2 3/1 00:61:4f:44:55:66 2 3/1 00:61:4f:77:88:99 2 3/3 00:61:22:15:22:33 5 3/3 00:61:22:44:75:66 5 See the OmniSwitch CLI Reference Guide for information about the fields in this display. New Section, page 22-7 The following section should be added to page 22-7: Release 5.1.6.R02 User Guide Supplement June 2005 page 1-13 show 802.1x non-supp User Documentation Addendum Guest VLANs for Non-802.1x Supplicants For those supplicants that are not 802.1x devices—do not send/receive EAP frames—an optional guest VLAN feature is available to allow traffic from these devices on an 802.1x port. If the user-defined guest VLAN is not available, then traffic from a non-802.1x device is dropped. The switch determines whether or not a device is an 802.1x supplicant by sending EAP-Request/Identity frames on the 802.1x port every 0.5 seconds for a configurable number of times. If no EAP frames are received from a device after the specified number of attempts, the device is determined to be a non-802.1x supplicant and is learned on the guest VLAN configured for that port. If no guest VLAN is available, then the non-802.1x supplicant is blocked from accessing the 802.1x port and no further attempts are made to solicit EAP frames from the device. Note the following when using guest VLANs: • 802.1x supplicants that fail authentication are not eligible for guest VLAN access. This type of VLAN access is only for those devices identified as non-802.1x supplicants that have not made any attempt to authenticate. • Once a non-802.1x supplicant is learned on a guest VLAN, it is no longer eligible for Group Mobility classification and assignment. • If a non-802.1x supplicant device becomes 802.1x capable when it is a member of a guest VLAN, upon authentication the device is automatically moved from the guest VLAN to the appropriate 802.1x specified VLAN. Disconnecting the device from the 802.1x port is not required in this scenario. • If an authenticated 802.1x supplicant becomes non-802.1x capable, the device is moved to an existing guest VLAN after the device is rebooted. By default a guest VLAN is not configured on an 802.1x port. For information about how to configure a guest VLAN, see “Configuring a Guest VLAN” on page 1-14. For information about how to set the number of times an unknown device is polled for identification, see “Configuring the Supplicant Polling Retry Count” on page 1-15. New Section, page 22-11 The following section should be added to page 22-11: Configuring a Guest VLAN To configure a guest VLAN for an 802.1x port, use the 802.1x guest-vlan command with the relevant slot/ port number and specify an existing VLAN ID. For example: -> 802.1x 3/1 guest-vlan 5 This command associates guest VLAN 5 with 802.1x port 3/1. When a non-802.1x supplicant is identified on this port, the source MAC address of the supplicant is learned in VLAN 5. This MAC address is then aged accord...
Эта инструкция также подходит к моделям:Сетевое оборудование - 7700 (685.69 kb)
Сетевое оборудование - 7800 (685.69 kb)