ERS 4xxx EAPoL (802.1x) Commands

  • 31 October 2017
  • 2 replies
  • 946 views

  • Extreme Employee
  • 11 replies
Thought I would share the EAPoL commands for ERS4xxx switches.
ERS4xxx EAP/802.1x config template

conf t
radius server host acct-enable timeout 10
radius server host key
radius reachability mode use-radius username "avaya" password "avaya"
radius-server encapsulation ms-chap-v2
radius-server password fallback
!radius accounting enable
!cli password telnet radius

vlan member remove 1 1-12 all
vlan configcontrol automatic
vlan ports 1-12 tagging untagAll
eapol multihost voice-vlan 1 enable vid

eapol multihost allow-non-eap-enable
eapol multihost radius-non-eap-enable
eapol multihost non-eap-phone-enable
eapol multihost use-radius-assigned-vlan
eapol multihost non-eap-use-radius-assigned-vlan
eapol multihost eap-packet-mode unicast
eapol multihost multivlan enable (not available on ERS4900)

interface ethernet all
eapol multihost port 1/1-24 enable eap-mac-max 4 allow-non-eap-enable non-eap-mac-max 4 radius-non-eap-enable non-eap-phone-enable use-radius-assigned-vlan non-eap-use-radius-assigned-vlan eap-packet-mode unicast eap-protocol-enable mac-max 6

!ERS4900 - eapol multihost port 1-24 eap-mac-max 4 allow-non-eap-enable non-eap-mac-max 4 radius-non-eap-enable non-eap-phone-enable use-radius-assigned-vlan non-eap-use-radius-assigned-vlan eap-packet-mode unicast eap-protocol-enable mac-max 6
eapol port 1-24 traffic-control in
eapol port 1-24 status auto
eapol port 1-24 radius-dynamic-server enable
exit

eapol allow-port-mirroring(not available in ERS3500)

eapol guest-vlan enable vid or "global"
interface ethernet all
eapol guest-vlan port 1/1-24 enable
exit

! eapol multihost fail-open-vlan vid xxx
! eapol multihost fail-open-vlan enable

no eapol multihost non-eap-pwd-fmt ip-addr
no eapol multihost non-eap-pwd-fmt port-number

eapol enable

2 replies

In the above configuration, what is the ERS 3xxx equivalent to the command "radius-server encapsulation ms-chap-v2"?
There is no equivalent command for 3xxx series. the default encap is PAP for 3xxx.

Reply