Open Ethernet Networking (OpEN) API Guide and Reference Manual  3.6.0.3
DOT1X

Port-based network access control allows a network administrator to restrict the use of IEEE 802 LAN service access points (ports) to secure communication between authenticated and authorized devices. The IEEE 802.1X standard specifies a common architecture, functional elements, and protocols that support mutual authentication between the clients of ports attached to the same LAN and that secure communication between the ports, including the media-access-method-independent protocols that are used to discover and establish the security associations used by IEEE 802.1AE MAC Security.

DOT1X OpEN API

This document provides a brief description of the DOT1X OpEN APIs. It provides the following services:

Example C Application dot1x_example

Initialization

In the main function, the sample application initializes the OpEN API RPC service by calling openapiClientRegister() and waits for the RPC service in switchdrvr to start. openapiClientRegister() returns a client handle, which is then used when invoking the OpEN APIs. The application exercises the associated OpEN APIs and logs informational and/or error messages on the console. The example application runs to completion and exits.

dot1x_example

dot1x_example.c is a sample application that demonstrates the use of the DOT1X OpEN API. dot1x_example is started from the command line. It then exercises all the DOT1X OpEN APIs one by one with appropriate arguments to manage the DOT1X component in the ICOS main process (switchdrvr).

Sample Output (LiNe/LinuxHost platform)

# ./dot1x_example

Usage: dot1x_example <test#> <arg1> <arg2> ...
Test 0: Get 802.1x configured global operating control mode.: dot1x_example 0
Test 1: Set 802.1x configured global operating control mode.: dot1x_example 1 <mode>
Test 2: Get 802.1x default authentication method.: dot1x_example 2
Test 3: Set 802.1x default authentication method.: dot1x_example 3 <method>
Test 4: Get 802.1x port configured control mode.: dot1x_example 4 <interface>
Test 5: Set 802.1x port configured control mode.: dot1x_example 5 <interface> <mode>
Test 6: Get 802.1x port guest VLAN ID.: dot1x_example 6 <interface>
Test 7: Set 802.1x port guest VLAN ID.: dot1x_example 7 <interface> <vlan>
Test 8: Get 802.1x port MAB enable configuration.: dot1x_example 8 <interface>
Test 9: Set 802.1x port MAB enable configuration.: dot1x_example 9 <interface> <'true'|'false'>
Test 10: Get 802.1x port operating control mode.: dot1x_example 10 <interface>
Test 11: Get 802.1x port status.: dot1x_example 11 <interface>
Test 12: Get 802.1x port PAE state.: dot1x_example 12 <interface>
Test 13: Get 802.1x port backend authorization state.: dot1x_example 13 <interface>
Test 14: Get 802.1x port MAB mode.: dot1x_example 14 <interface>
Test 15: Get 802.1x port assigned VLAN ID.: dot1x_example 15 <interface>
Test 16: Get 802.1x port assigned VLAN reason.: dot1x_example 16 <interface>
Test 17: Get 802.1x logical port data.: dot1x_example 17 <interface>
Test 18: Set 802.1x authentication host mode.: dot1x_example 18 <interface> <mode>
Test 19: Get 802.1x authentication host mode.: dot1x_example 19 <interface>
Test 20: Set 802.1x MAB authentication type.: dot1x_example 20 <interface> <mode>
Test 21: Get 802.1x MAB authentication type.: dot1x_example 21 <interface>
Test 22: Set 802.1x Authencation periodic.: dot1x_example 22 <interface> <mode>
Test 23: Get 802.1x Authencation periodic.: dot1x_example 23 <interface>
Test 24: Set 802.1x Reauthencation period.: dot1x_example 24 <interface> <mode>
Test 25: Get 802.1x Reauthencation period.: dot1x_example 25 <interface>
Test 26: Set 802.1x Reauth period from server.: dot1x_example 26 <interface> <mode>
Test 27: Get 802.1x Reauth period from server.: dot1x_example 27 <interface>
Test 28: Set 802.1x Authentication manager admin mode.: dot1x_example 28 <mode>
Test 29: Get 802.1x Authentication manager admin mode.: dot1x_example 29

DOT1X CLI/API Cross Reference

CLI Command / OpEN API Reference

(Config)# [no]authentication enable
    openapiAuthMgrAdminModeSet()
    openapiAuthMgrAdminModeGet()

(Config)# [no]dot1x system-auth-control
    openapiDot1xSystemAuthControlModeSet()
    openapiDot1xSystemAuthControlModeGet()

(Config)# [no]aaa authentication dot1x default {ias | local | none | radius}
    openapiDot1xDefaultAuthenMethodSet()
    openapiDot1xDefaultAuthenMethodGet()

(Interface-Config Mode)# [no]authentication port-control {auto | force-authorized | force-unauthorized}
    openapiDot1xPortControlModeSet()
    openapiDot1xPortControlModeGet()

(Interface-Config Mode)# [no]mab
    openapiDot1xPortMabEnabledSet()
    openapiDot1xPortMabEnabledGet()

(Interface-Config Mode)# [no]authentication event fail action authorize vlan <vlan-id>
    openapiDot1xPortGuestVlanSet()
    openapiDot1xPortGuestVlanGet()

(Interface-Config Mode)# [no]authentication periodic
    openapiAuthMgrAuthenticationPeriodicSet()
    openapiAuthMgrAuthenticationPeriodicGet()

(Interface-Config Mode)# [no]authentication timer reauthenticate {<sec> | server}
    openapiAuthMgrAuthenticationReAuthPeriodFromServerSet()
    openapiAuthMgrAuthenticationReAuthPeriodServerGet()
    openapiAuthMgrAuthenticationReAuthPeriodSet()
    openapiAuthMgrAuthenticationReAuthPeriodGet()

(Interface-Config Mode)# [no]authentication host-mode {multi-auth | multi-domain | multi-domain-multi-host | multi-host | single-host}
    openapiAuthMgrAuthenticationHostModeSet()
    openapiAuthMgrAuthenticationHostModeGet()

(Interface-Config Mode)# [no]mab auth-type {chap | eap-md5 | pap}
    openapiMabPortMABAuthTypeSet()
    openapiMabPortMABAuthTypeGet()

(Priv-User Mode)# show authentication interface {<interface> | all}
    openapiDot1xPortOperatingControlModeGet()
    openapiDot1xPortStatusGet()
    openapiDot1xPortPaeStateGet()
    openapiDot1xPortBackendAuthStateGet()
    openapiDot1xPortOperationalMabModeGet()
    openapiDot1xPortVlanAssignedReasonGet()
    openapiDot1xPortControlModeGet()
    openapiAuthMgrAuthenticationReAuthPeriodGet()
    openapiAuthMgrAuthenticationHostModeGet()
    openapiAuthMgrAuthenticationReAuthPeriodServerGet()
    openapiDot1xPortGuestVlanGet()
    openapiDot1xPortMabEnabledGet()

(Priv-User Mode)# show authentication client {<interface> | all}
    openapiDot1xPortVlanAssignedGet()
    openapiDot1xPortVlanAssignedReasonGet()
    openapiDot1xLogicalPortSupplicantMacAddrGet()
    openapiDot1xLogicalPortVlanAssignmentGet()
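
The CLI commands in the cross reference are also the settings a reviewer checks when auditing port access control. The following is an added example, not part of the OpEN guide or dot1x_example.c: it scans a constructed configuration fragment for the listed commands and reports settings that weaken 802.1X enforcement. The "interface <id> ... exit" stanza layout, the function name audit() and the finding texts are assumptions made for illustration.

```python
import re

# Constructed sample (not from the guide); the "interface <id> ... exit"
# stanza layout is an assumption about how the CLI text is exported.
SAMPLE_CONFIG = """\
authentication enable
interface 0/1
authentication port-control auto
authentication periodic
authentication host-mode single-host
exit
interface 0/2
authentication port-control force-authorized
exit
interface 0/3
authentication port-control auto
authentication host-mode multi-host
mab
mab auth-type pap
exit
"""

# Both global (Config)# enables listed in the cross reference.
GLOBAL_REQUIRED = ("authentication enable", "dot1x system-auth-control")

def audit(config_text):
    """Return sorted (scope, finding) tuples for settings that weaken port access control."""
    findings, ports, global_lines, current = [], {}, set(), None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"interface\s+(\S+)", line)
        if m:
            current = ports.setdefault(m.group(1), set())
        elif line == "exit":
            current = None
        elif line:  # file the command under the open interface, else global
            (current if current is not None else global_lines).add(line)
    for cmd in GLOBAL_REQUIRED:
        if cmd not in global_lines:
            findings.append(("global", f"'{cmd}' not present"))
    for port, cfg in ports.items():
        if "authentication port-control force-authorized" in cfg:
            findings.append((port, "force-authorized: port open without authentication"))
        if "authentication port-control auto" in cfg and "authentication periodic" not in cfg:
            findings.append((port, "no periodic reauthentication"))
        if "authentication host-mode multi-host" in cfg:
            findings.append((port, "multi-host: one authenticated client opens the port to all"))
        if "mab auth-type pap" in cfg:
            findings.append((port, "MAB using PAP"))
    return sorted(findings)
```

Only explicitly configured lines are evaluated; platform defaults for absent commands are not assumed.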