The 7705 SAR supports network access control of client devices (for example, PCs and STBs) on an Ethernet network using the IEEE 802.1x standard. 802.1x is a standard for authenticating customer devices before they can access the network. Authentication is performed using Extensible Authentication Protocol (EAP) over LAN (EAPOL).
802.1x provides protection against unauthorized access by forcing the device connected to the 7705 SAR to go through an authentication phase before it is able to send any non-EAP packets. Only EAPOL frames can be exchanged between the aggregation device (authenticator; for example, the 7705 SAR) and the customer device (supplicant) until authentication is successfully completed.
Use the following CLI syntax to configure an 802.1x Ethernet port:
port port-id ethernet
    dot1x
        max-auth-req max-auth-request
        port-control {auto | force-auth | force-unauth}
        quiet-period seconds
        radius-plcy name
        re-authentication
        re-auth-period seconds
        server-timeout seconds
        supplicant-timeout seconds
        transmit-period seconds
The following CLI syntax shows an example of configuring an 802.1x Ethernet port:
config# port 1/5/2 ethernet dot1x
config>port>ethernet>dot1x# port-control auto
config>port>ethernet>dot1x# radius-plcy dot1xpolicy
config>port>ethernet>dot1x# re-auth-period 3500
config>port>ethernet>dot1x# transmit-period 30
config>port>ethernet>dot1x# quiet-period 50
config>port>ethernet>dot1x# supplicant-timeout 30
config>port>ethernet>dot1x# server-timeout 30
Use the config port info command to display port configuration information.
ALU-A>config>port>ethernet>dot1x# info detail
----------------------------------------------
port-control auto
radius-plcy dot1xpolicy
re-authentication
re-auth-period 3600
max-auth-req 2
transmit-period 30
quiet-period 60
supplicant-timeout 30
server-timeout 30
no mac-auth
no mac-auth-wait
----------------------------------------------
ALU-A>config>port>ethernet>dot1x#
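The EAPOL-only rule described above can be modeled as a small frame filter. This is an added example, not 7705 SAR code: the frames are constructed samples, the function names are hypothetical, and the force-auth and force-unauth behaviour follows the IEEE 802.1X ForceAuthorized and ForceUnauthorized port modes, which is an assumption because this page lists the keywords without defining them.

```python
import struct

ETH_P_PAE = 0x888E    # EtherType assigned to EAPOL by IEEE 802.1X
ETH_P_8021Q = 0x8100  # 802.1Q VLAN tag
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}

def _eth(ethertype, payload, vlan=None):
    """Build a constructed sample frame sent to the PAE group address."""
    hdr = bytes.fromhex("0180c2000003") + bytes.fromhex("020000000001")
    tag = struct.pack("!HH", ETH_P_8021Q, vlan) if vlan is not None else b""
    return hdr + tag + struct.pack("!H", ethertype) + payload

EAPOL_START = _eth(ETH_P_PAE, struct.pack("!BBH", 2, 1, 0))  # constructed
IPV4_DATA = _eth(0x0800, b"\x45" + b"\x00" * 19)             # constructed

def classify(frame: bytes):
    """Return ("eapol", type_name) or ("data", ethertype); ValueError if malformed."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset = 14
    if ethertype == ETH_P_8021Q:  # step over one VLAN tag
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        (ethertype,) = struct.unpack_from("!H", frame, 16)
        offset = 18
    if ethertype != ETH_P_PAE:
        return ("data", ethertype)
    if len(frame) < offset + 4:
        raise ValueError("truncated EAPOL header")
    _version, ptype, length = struct.unpack_from("!BBH", frame, offset)
    if len(frame) < offset + 4 + length:
        raise ValueError("EAPOL body shorter than its length field")
    return ("eapol", EAPOL_TYPES.get(ptype, f"unknown({ptype})"))

def admit(frame: bytes, port_control: str, authenticated: bool) -> bool:
    """Decide whether the authenticator port accepts a frame from the client."""
    if port_control == "force-auth":    # assumed: port always authorized
        return True
    if port_control == "force-unauth":  # assumed: port always unauthorized
        return False
    if port_control != "auto":
        raise ValueError(f"unknown port-control value: {port_control}")
    try:
        kind, _ = classify(frame)
    except ValueError:
        return False                    # malformed frames are dropped
    return kind == "eapol" or authenticated
```

With port-control auto, the model admits only well-formed EAPOL frames until the authenticated flag is set, which is why force-auth on a client-facing port removes the protection entirely.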