ERS 4xxx EAPoL (802.1x) Commands

  • 1
  • Idea
  • Updated 8 months ago
Thought I would share the EAPoL commands for ERS4xxx switches.
ERS4xxx EAP/802.1x config template


conf t
radius server host <radius server <radius-server-ip> acct-enable timeout 10
radius server host key <key>
radius reachability mode use-radius username "avaya" password "avaya"
radius-server encapsulation ms-chap-v2
radius-server password fallback
!radius accounting enable
!cli password telnet radius

vlan member remove 1 1-12 all
vlan configcontrol automatic 
vlan ports 1-12 tagging untagAll
eapol multihost voice-vlan 1 enable vid <voice-vlan>

eapol multihost allow-non-eap-enable
eapol multihost radius-non-eap-enable
eapol multihost non-eap-phone-enable
eapol multihost use-radius-assigned-vlan
eapol multihost non-eap-use-radius-assigned-vlan
eapol multihost eap-packet-mode unicast
eapol multihost multivlan enable (not available on ERS4900)

interface ethernet all
eapol multihost port 1/1-24 enable eap-mac-max 4 allow-non-eap-enable non-eap-mac-max 4 radius-non-eap-enable non-eap-phone-enable use-radius-assigned-vlan non-eap-use-radius-assigned-vlan eap-packet-mode unicast eap-protocol-enable mac-max 6

!ERS4900 - eapol multihost port 1-24  eap-mac-max 4 allow-non-eap-enable non-eap-mac-max 4 radius-non-eap-enable non-eap-phone-enable use-radius-assigned-vlan non-eap-use-radius-assigned-vlan eap-packet-mode unicast eap-protocol-enable mac-max 6
eapol port 1-24 traffic-control in
eapol port 1-24 status auto
eapol port 1-24 radius-dynamic-server enable
exit

eapol allow-port-mirroring(not available in ERS3500)

eapol guest-vlan enable vid <guest-vlan> or "global"
interface ethernet all
eapol guest-vlan port 1/1-24 enable
exit

! eapol multihost fail-open-vlan vid xxx
! eapol multihost fail-open-vlan enable

no eapol multihost non-eap-pwd-fmt ip-addr
no eapol multihost non-eap-pwd-fmt port-number

eapol enable
Photo of James Drennan

James Drennan, Employee

  • 186 Points 100 badge 2x thumb

Posted 8 months ago

  • 1

Be the first to post a reply!