DOT1X

Port-based network access control allows a network administrator to restrict the use of IEEE 802 LAN service access points (ports) to secure communication between authenticated and authorized devices. This standard specifies a common architecture, functional elements, and protocols that support mutual authentication between the clients of ports attached to the same LAN and that secure communication between the ports, including the media access method independent protocols that are used to discover and establish the security associations used by IEEE 802.1AE MAC Security.

DOT1X OpEN API

This document provides a brief description of the DOT1X OpEN APIs. It provides the following services:

• Get/Set the dot1x global administrative mode on switch.
  
• Get/Set the dot1x default authentication method on switch.
  
• Get the dot1x port PAE state on switch.
  
• Get the dot1x port back end authorization state on switch.
  
• Get/Set dot1x eapol flood mode on switch.
  
• Get/Set dot1x quiet period on the specified port on switch.
  
• Get/Set dot1x transmit period on the specified port on switch.
  All 'Set' operations would affect the Switch behavior and configuration.

Example C Application dot1x_example

Initialization

In the main function, the sample application initializes the OpEN API RPC service by calling openapiClientRegister() and waits for the RPC service in switchdrvr to start. A Client Handle is returned by openapiClientRegister() which is used while invoking the OpEN APIs. The application then exercises the associated OpEN APIs and logs informational and/or error messages on the console. The example application runs to its completion and exits.

dot1x_example

dot1x_example.c is a sample application that demonstrates the use of the DOT1X OpEN API. dot1x_example is started from the command line. It then exercises all the DOT1X OpEN APIs one by one with appropriate arguments to manage the DOT1X component in the ICOS main process (switchdrvr).

Sample Output (LiNe/LinuxHost platform)

# ./dot1x_example

Usage: dot1x_example <test#> <arg1> <arg2> ...
Test 0: Get 802.1x configured global operating control mode.: dot1x_example 0
Test 1: Set 802.1x configured global operating control mode.: dot1x_example 1 <mode>
Test 2: Get 802.1x default authentication method.: dot1x_example 2
Test 3: Set 802.1x default authentication method.: dot1x_example 3 <method>
Test 4: Get 802.1x port PAE state.: dot1x_example 12 <interface>
Test 5: Get 802.1x port backend authorization state.: dot1x_example 13 <interface>
Test 6: Set 802.1x eapol flood mode.: dot1x_example 6 <mode>
Test 7: Get 802.1x eapol flood mode.: dot1x_example 7
Test 8: Set 802.1x quiet period on the specified port.: dot1x_example 8 <interface><quietPeriod>
Test 9: Get 802.1x quiet period on the specified port.: dot1x_example 9 <interface>
Test 10: Set 802.1x transmit period on the specified port.: dot1x_example 10 <interface><txPeriod>
Test 11: Get 802.1x transmit period on the specified port.: dot1x_example 11 <interface>



DOT1X CLI/API Cross Reference

CLI Command	OpEN API Reference
(Config)# [no]dot1x system-auth-control	openapiDot1xSystemAuthControlModeSet() openapiDot1xSystemAuthControlModeGet()
(Config)# [no]aaa authentication dot1x default {ias | local | none| radius}	openapiDot1xDefaultAuthenMethodSet() openapiDot1xDefaultAuthenMethodGet()
(Interface-Config Mode)# [no]authentication port-control {auto | force-authorized | force-unauthorized}	openapiDot1xPortControlModeSet() openapiDot1xPortControlModeGet()
(Interface-Config Mode)# [no]mab	openapiDot1xPortMabEnabledSet() openapiDot1xPortMabEnabledGet()
(Interface-Config Mode)# [no]authentication event fail action authorize vlan <vlan-id>	openapiDot1xPortGuestVlanSet() openapiDot1xPortGuestVlanGet()
(Priv-User Mode)# show authentication interface {<interface> | all}	openapiDot1xPortOperatingControlModeGet() openapiDot1xPortStatusGet() openapiDot1xPortPaeStateGet() openapiDot1xPortBackendAuthStateGet() openapiDot1xPortOperationalMabModeGet() openapiDot1xPortVlanAssignedReasonGet() openapiDot1xPortControlModeGet() openapiDot1xPortGuestVlanGet() openapiDot1xPortMabEnabledGet()
(Priv-User Mode)# show authentication client {<interface> | all}	openapiDot1xPortVlanAssignedGet() openapiDot1xPortVlanAssignedReasonGet() openapiDot1xLogicalPortSupplicantMacAddrGet() openapiDot1xLogicalPortVlanAssignmentGet()
(Config)# [no]dot1x eapolflood	openapiDot1xEapolFloodModeSet() openapiDot1xEapolFloodModeGet()
(Interface-Config Mode)# [no] dot1x timeout quiet-period	openapiDot1xPortQuietPeriodSet() openapiDot1xPortQuietPeriodGet()
(Interface-Config Mode)# [no] dot1x timeout timeout tx-period	openapiDot1xPortTxPeriodSet() openapiDot1xPortTxPeriodGet()