.. _example_interfaces_ethernet_authenticator_802.1x_eap-server_eapserver:

##########
Eap Server
##########


.. sidebar:: Contents

  .. contents::
    :depth: 2
    :local:

This scenario shows how to enable the local 802.1X EAP server
to authenticate users.

.. image:: eapserver.svg
  :width: 400

*******************************************
Test Successful Local 802.1x Authentication
*******************************************

Description
===========

DUT0 is configured to perform 802.1x authentication using
a local database with usernames and passwords. DUT1 uses
the correct username and password.

Scenario
========

.. include:: eapserver/testsuccessfullocal802.1xauthentication

.. raw:: html

  <hr>

*********************************************
Test Unsuccessful Local 802.1x Authentication
*********************************************

Description
===========

DUT0 is configured to perform authentication using a
local database with usernames and passwords. DUT1 uses
an incorrect username.

Scenario
========

.. include:: eapserver/testunsuccessfullocal802.1xauthentication

.. raw:: html

  <hr>

***********************************
Test 802.1x Authentication Failover
***********************************

Description
===========

DUT0 is configured to perform authentication using two
different methods: remote RADIUS server and local database.
When the remote server is not reachable, it failovers and
uses the local database.

Scenario
========

.. include:: eapserver/test802.1xauthenticationfailover

.. raw:: html

  <hr>

***********************************
Test 802.1x Authentication Failopen
***********************************

Description
===========

DUT0 is configured to perform 802.1x authentication using
a local database with usernames and passwords and the fail-open
policy is enabled as well. DUT1 uses an incorrect username and password,
thus triggering the fail-open policy.

Scenario
========

.. include:: eapserver/test802.1xauthenticationfailopen

.. raw:: html

  <hr>

*************************************************
Test 802.1x Authentication Failopen Local Success
*************************************************

Description
===========

DUT0 is configured to perform 802.1x authentication using
a local database with usernames and passwords and the fail-open
policy is enabled as well. DUT1 uses the correct username and password.

Scenario
========

.. include:: eapserver/test802.1xauthenticationfailopenlocalsuccess

.. raw:: html

  <hr>

**************************************************
Test 802.1x Authentication Failopen RADIUS Success
**************************************************

Description
===========

DUT0 is configured to perform authentication using two
different methods: a remote RADIUS server and a local database.
It is also configured to authorise the port by default if
the RADIUS servers are not reachable. As the remote RADIUS server
is reachable, the fail-open policy should **not** be triggered.

Scenario
========

.. include:: eapserver/test802.1xauthenticationfailopenradiussuccess

.. raw:: html

  <hr>

**************************************************
Test 802.1x Authentication Failopen RADIUS Failure
**************************************************

Description
===========

DUT0 is configured to perform authentication using two
different methods: a remote RADIUS server and a local database.
It is also configured to authorise the port by default if
the RADIUS servers are not reachable. As the remote RADIUS server
is reachable, the fail-open policy should **not** be triggered.

Scenario
========

.. include:: eapserver/test802.1xauthenticationfailopenradiusfailure

.. raw:: html

  <hr>

**************************************************************
Test 802.1x Authentication RADIUS Success Fallback to Failopen
**************************************************************

Description
===========

DUT0 is configured to perform authentication using two
different methods: a remote RADIUS server and local database.
It is also configured to authorise the port by default if
the RADIUS servers are not reachable. Initially, when the RADIUS
server is reachable the user should be authenticated based on its
decision. When the RADIUS server becomes unreachable, the failover
policy triggers. As the provided identity is not found in the local
database, the fail-open policy triggers and authenticates the port.

Scenario
========

.. include:: eapserver/test802.1xauthenticationradiussuccessfallbacktofailopen

.. raw:: html

  <hr>

**************************************************************
Test 802.1x Authentication RADIUS Failure Fallback to Failopen
**************************************************************

Description
===========

DUT0 is configured to perform authentication using two
different methods: a remote RADIUS server and local database.
It is also configured to authorise the port by default if
the RADIUS servers are not reachable. Initially, when the RADIUS
server is reachable the user should **not** be authenticated based
on its decision. When the RADIUS server becomes unreachable, the failover
policy triggers. As the provided identity is not found in the local
database, the fail-open policy triggers and authenticates the port.

Scenario
========

.. include:: eapserver/test802.1xauthenticationradiusfailurefallbacktofailopen

.. raw:: html

  <hr>