PAE
The PAE profile configures 802.1x access to UNI ports. 802.1x allows user authentication prior to granting access to the port.
PAE Profile Attributes
| Attribute | Values | Default | Required | Description |
|---|---|---|---|---|
| Name | Printable string | N/A | Y | The name of the PAE Profile |
| Admin-state | enabled | disabled | Disabled | N | Whether 802.1x and/or MAB is enabled on the port. |
| Auto-start | true | false | True | N |
Whether to force re-authentication upon link recovery. |
| Link-loss-unauthenticate | true | false | True | N | Whether to un-authenticate the port whenever the link goes down. Prevents connection of an unauthorized device after an authorized device has authenticated the port. |
| Admin-controlled-direction | auto | force-unauthorized | force-authorized | Auto | N | Whether to force a port to be authorized or unauthorized, or when set to auto follow the authentication result. This attribute can be used to force authorized or unauthorized states for testing purposes or to work around authorization issues. Should not really be used in production. |
| Quiet-period | 1..65535 | 60 | N | Period after a failed authentication to wait before attempting re-authentication. Keeps failing ports from overloading the RADIUS server. Unit is seconds. |
| Tx-period | 1..65535 | 30 | N | A timer used to determine when the state machine sends an EAPOL PDU. Default is 30 seconds. |
| Supplicant-timeout | 1..65535 | 30 | N | A timer used to determine the timeout on messages between the authenticator and supplicant. |
| Server-timeout | 1..65535 | 30 | N | A timer use to determine the timeout on messages between the authenticator and RADIUS server. |
| Max-requests | 1..10 | 2 | N | Maiximum number of times that the state machine will retransmit an EAP Request packet to the supplicant before it times out the authentication sessions. |
| Max-authorized-supplicants | 1..8 | 1 | N | The maximum number of 802.1x supplicants that are allowed to be authorized on the port. |
| Radius-profile-list | Profile name | n | N | The RADIUS profile to use for authenticating ports. |
Note: * = required parameter
- Command Path – tolt>profiles>pae-profiles>
- Module – tolt
- Container – profiles
- Container – pae-profiles
- Types –
- *Name – The name of the PAE Profile.
- Printable string
- Admin-state – Whether 802.1x and/or MAB is enabled on the port.
- enabled (default) | disabled
- Auto-start – Whether to force re-authentication upon link recovery.
- true (default) | false
- Link-loss-unauthenticate – Whether to un-authenticate the port whenever the link goes down. Prevents connection of an unauthorized device after an authorized device has authenticated the port.
- true (default) | false
- Admin-controlled-direction – Whether to allow authentication to control both directions or only the receive direction.
- rx | both (default)
- Authentication-port-control – Whether to force a port to be authorized or unauthorized, or when set to auto follow the authentication result. This attribute can be used to force authorized or unauthorized states for testing purposes or to work around authorization issues. Should not really be used in production.
- auto (default) | force-unauthorized | force-authorized
- Quiet-period – Period after a failed authentication to wait before attempting re-authentication. Keeps failing ports from overloading the RADIUS server. Unit is seconds.
- 1..65535 (default 60)
- Tx-period – A timer used to determine when the state machine sends an EAPOL PDU. Default is 30 seconds.
- 1..65535 (default 30)
- Supplicant-timeout – A timer used to determine the timeout on messages between the authenticator and supplicant.
- 1..65535 (default 30)
- Server-timeout – A timer used to determine the timeout on messages between the authenticator and RADIUS server.
- 1..65535 (default 30)
- Max-requests – Maximum number of times that the state machine will retransmit an EAP Request packet to the supplicant before it times out the authentication sessions.
- 1..10 (default 2)
- Max-authorized-supplicants – The maximum number of 802.1x supplicants that are allowed to be authorized on the port
- 1..8 (default 1)
- *Radius-profile-list – The RADIUS profile to use for authenticating ports.
- Profile name (default n)
- *Name – The name of the PAE Profile.
PAE Profile Delete
- Command Path – no>tolt>profiles>pae-profiles>
- Command – no
- Module – tolt
- Container – profiles
- Container – pae-profiles
- Type – Example Parameter
- *Name – basic-pae-disabled
- From the MDS1-ESUA<config># command line, input no tolt profiles pae-profiles basic-pae-disabled, and press Enter.
- Input commit and press Enter. Outputs similar to the following are displayed:
MDS1-ESUA<config># no tolt profiles pae-profiles basic-pae-disabled |
PAE Profile Assignment to UNI Port
Note: Refer to CLI Interfaces UNI for Interfaces procedures.
- Command Path – tolt>interfaces>uni>config>
- Module – tolt
- Container – interfaces
- Container – uni
- Container – config
- Types – Example Parameters
- *Aid – ETH1-1-1-2-1
- Ldcp Profile ldcp-basic
- Nac Profile vlan1020
- Pae Profile basic-pae
- PoE Profile basic-poe
- Port Profile basic-port-profile
- Rstp Profile rstp-profile-basic
- From the MDS1-ESUA<config># command line, input tolt interfaces uni config ETH1-1-1-2-1 ldcp-profile ldcp-basic nac-profile vlan1020 pae-profile basic-pae poe-profile basic-poe port-profile basic-port-profile rstp-profile rstp-profile-basic, and press Enter.
- Input commit and press Enter. Outputs similar to the following are displayed:
MDS1-ESUA,Config># tolt interfaces uni config ETH1-1-1-2-1 l ldcp-profile ldcp-basic nac-profile vlan1020 pae-profile basic-pae poe-profile basic-poe port-profile basic-port-profile rstp-profile rstp-profile-basic <enter> MDS1-ESUA<config-config-ETH1-1-1-2-1># commit <enter> commit complete. MDS1-ESUA<config-config-ETH1-1-1-2-1># exit <enter> MDS1-ESUA<Config>#_
FEEDBACK: Are you happy with this material?
Thank you Your feedback helps us to continually improve our content.
On this page