Nokia routers support port-based network access control for Ethernet ports only. Every Ethernet port can be configured to operate in one of three different operation modes, controlled by the port-control parameter:
force-auth
— Disables 802.1x authentication and causes the port to
transition to the authorized state without requiring any authentication
exchange. The port transmits and receives normal traffic without requiring
802.1x-based host authentication. This is the default setting.
force-unauth — Causes the port to remain in the
unauthorized state, ignoring all attempts by the hosts to authenticate. The
switch cannot provide authentication services to the host through the
interface.
auto — Enables 802.1x authentication. The port starts
in the unauthorized state, allowing only EAPOL frames to be sent and received
through the port. Both the router and the host can initiate an authentication
procedure as described below. The port remains in unauthorized state (no traffic
except EAPOL frames is allowed) until the first client is authenticated
successfully. After this, traffic is allowed on the port for all connected
hosts.