ContentsPrint

Configuring advanced port-based EAPOL using EDM

About this task

Configure advanced EAPOL security parameters for an individual port or multiple ports.

Procedure

  1. Follow one of the following paths:

    • From the Device Physical View, select a port, or use Ctrl-click to select more than one port, right-click Edit then click the EAPOL Advance tab.

    • From the Device Physical View, select a port, or use Ctrl-click to select more than one port, then follow the navigation tree to Edit > Chassis > Ports > EAPOL Advance tab.

    • From the navigation tree, select Security > 802.1X/EAP, and click the EAPOL Advance Ports tab.

  2. Configure the parameters as required.
  3. Optionally, to configure parameters for multiple ports, you can use the Multiple Port Configuration section as below.
  4. In the work area, in the Make Selection section of the Multiple Port Configuration pane, click the Switch/Stack/Ports ellipsis (...) to open the Port Editor dialog. If there is no Switch/Stack/Ports selection and you have already selected ports from the Device Physical View, proceed to the next step.
    1. In the Port Editor window, click the ports you want to configure. If you want to configure all ports, click All.
    2. Click OK to return to the Make Selection pane.

    The ports you selected appear in the Switch/Stack/Ports box.

  5. To change the configuration of the selected ports, in the Multiple Port Configuration pane, double-click the cell beneath the column heading that represents the parameter you want to change and do one of the following:

    • If applicable, select a value from a drop-down list.

    • Otherwise, type a value in the cell.

  6. In the Make Selection pane, click Apply Selection.

    The changes appear in the table.

  7. (Optional) Click Clear Selection to clear Multiple Port Configurations or click Hide Non-Editable to display only those parameters that are editable in the Multiple Port Configuration pane for the selected ports.
  8. In the toolbar, click Apply.

Variable definitions

Variable Value
PortNumber Indicates the port number.

Appears only if multiple ports were selected.
DefaultEapAll Enables or disables the default EAP settings.
GuestVlanEnabled Enables or disables Guest VLAN functionality.
GuestVlanId
Specifies the VLAN ID of the VLAN that acts as the Guest VLAN. The default is 0. The Guest VLAN ID can be between 0 and 4094.
importantImportant

Use 0 to indicate a global Guest VLAN ID.
MultiHostMaxMacs Specifies the maximum number of clients allowed on this port. The default is 1. The maximum number can be between 1 and 64.
MultiHostEapMaxNumMacs Specifies the maximum number of EAPOL-authenticated clients allowed on this port. The default is 1. The maximum number can be between 1 and 32
MultiHostAllowNonEapClient Enables or disables support for non EAPOL clients using local authentication.
MultiHostNonEapMaxNumMacs Specifies the maximum number of non EAPOL clients allowed on this port. The default is 1. The maximum number can be between 1 and 32.
MultiHostSingleAuthEnabled Enables or disables Multiple Host with Single Authentication (MHSA) support for non EAPOL clients.
MultihostSingleAuthNoLimit Specifies whether there is a limit on the number of auto-authenticated non-EAPOL clients. A value of true indicates no limit, false indicates there is a limit.

DEFAULT: false
MultiHostRadiusAuthNonEapClient Enables or disables support for non EAPOL clients using RADIUS authentication.
MultiHostAllowNonEapPhones Enables or disables support for Avaya IP Phone clients as another non-EAP type.
MultiHostAllowRadiusAssignedVlan Enables or disables support for VLAN values assigned by the RADIUS server.
MultiHostAllowNonEapRadiusAssignedVlan Enables or disables support for RADIUS-assigned VLANs in multihost-EAP mode for non-EAP clients.
MultiHostEapPacketMode Specifies the mode of EAPOL packet transmission (multicast or unicast).
EapProtocolEnabled Enables or disables EAP protocol.
ProcessRadiusRequestsServerPackets Enables or disables the processing of RADIUS requests-server packets that are received on this port.
MultiHostClearNeap Clears authenticated NEAP clients from a specified port.

To clear a specific authenticated NEAP client from the specified port, type the MAC address of that client in the box.

To clear all authenticated NEAP clients from the specified port, type a MAC address of 00:00:00:00:00:00 in the box.

MultiHostAdacNonEapEnabled Enables or disables Non-EAP Multihost ADAC settings.
Comments on this document?
October 2015
© 2012-2015, Avaya, Inc. All Rights Reserved.