Configuring EAPOL globally using EDM

Use the following procedure to configure EAPOL globally to configure EAPOL parameters for the switch.

Procedure steps


Step Action

1

From the navigation tree, double-click Security.

2

In the Security tree, double-click 802.1X/EAP.

3

On the EAPOL tab, configure the EAPOL parameters as required.

4

On the toolbar, click Apply.


--End--

Variable definitions

Use the data in the following table to configure EAPOL globally.

Variable Value
SystemAuthControl Enables or disables port access control on the switch.
GuestVlanEnabled Enables or disables the Guest VLAN.
GuestVlanId Sets the VLAN ID of the Guest VLAN.
MultiHostAllow
NonEapClient
Enables or disables support for non EAPOL hosts on EAPOL-enabled ports.
MultiHostSingle
AuthEnabled
Enables or disables Multiple Host Single Authentication (MHSA). When selected, non EAPOL hosts are allowed on a port if there is one authenticated EAPOL client on the port.
MultiHostRadiusAuth
NonEapClient
Enables or disables RADIUS authentication of non EAPOL hosts on EAPOL-enabled ports.
MultiHostAllowNonEapPhones Enables or disables Nortel IP Phone clients as another non-EAP type.
MultiHostAllowRadiusAssignedVlan Enables or disables the use of RADIUS-assigned VLAN values in the Multihost mode.
MultiHostAllowNonEapRadius
AssignedVlan
Enables or disables support for RADIUS-assigned VLANs in multihost-eap mode for non-EAP clients.
MultiHostUseMostRecentRadius
AssignedVlan
Enables or disables the Last Assigned VLAN on a port.
MultiHostMultiVlan Enables or disables the multiple VLAN capability for EAP and non-EAP hosts. The default is disabled.
MultiHostEapPacketMode Enables or disables the choice of packet mode (unicast or multicast) in the Multihost mode.
MultiHostFailOpenVlanEnabled Enables or disables the EAPOL multihost Fail Open VLAN.
Attention

The switch does not validate that Radius Assigned VLAN attribute is not the same as the Fail_Open VLAN. This means that if you configure the Fail_Open VLAN name or ID the same as one of the VLAN names or IDs which can be returned from the RADIUS server, then EAP or NEAP clients cannot be assigned to the Fail_Open VLAN even though no failure to connect to the RADIUS server has occurred.

MultiHostFailOpenVlanId Sets the VLAN ID of the Fail Open VLAN.
NonEapRadiusPasswordAttributeFormat Enables or disables setting the format of the RADIUS Server password attribute for non-EAP clients.