Port Authentication

Information Note: This feature is for Administrative usage only.

Optical LAN OLTs support 802.1x port-based access control via a Remote Access Dial-In User Service (RADIUS) server in the management network. This allows the network provider to authenticate the customer premises equipment (CPE) on a subscriber port before allowing traffic between the subscriber and the network.  

In addition, several Dynamic Authorization Client IP and hostnames representing DAC servers are allowed (4 DAC servers), in the Port Authentication configuration dialog if the Change of Authorization (CoA) option is utilized in the Ethernet Port Profile using the RADIUS tab. 

Use the following procedure to enable 802.1x port-based control for Ethernet Line Port(s), and to, alternately, specify RADIUS server(s):

  1. Logon to EMS and in the Network common tree, right-click on the target OLT and select Protocol on the dropdown list, then select Port Authentication on the dropdown list.

  2. In the Port Authentication dialog, check the Enable 802.1X port based access control check box to enable 802.1X processing for Ethernet Line ports on this OLT.

  3. If RADIUS Authentication is also to be utilized, enter the RADIUS Server IP Address, Shared Key, and repeat the Shared Key in the Confirm Key field for up to four RADIUS servers, The Hide/Show button allows the user to view password text for the Shared key for both the RADIUS server and DAC server, as follows:
  1. If the Dynamic Authorization Client Hostname and IP Address are utilized, enter the hostname or IP address in the field for each DAC server.
  2. When finished, click the Apply button, then click the Close button.
  3. A confirmation message is displayed. Click the OK button to close.