Avaya supports the following four modes of operation on a port:
Default mode
In this mode, the switch port does not have user-based security (for example, 802.1x/EAP or NSNA). You can, however, configure MAC-based security on these ports.
802.1x (client mode—that is, the 802.1 supplicant is present)
In this mode, the user is authenticated by EAP using an external authentication server, such as a RADIUS server. In this scenario, there is a client (for example, the EAP supplicant) present in the PC.
NSNA dynamic IP mode:
Dynamic IP mode provides authentication by username/password or MAC address and host integrity checking by the Avaya Health Agent applet. Prior knowledge of the client PC is not required on the switch and the client does not require a preinstalled software to operate in the NSNA solution.
NSNA Passive IP mode: Passive IP mode allows NSNA to authenticate printers, fax machines, and other devices where interactive communications with the SNAS 4050 are not normally available. This mode requires that the MAC address of the host client is registered in the NSNAS 4050 database. Authentication is based on the MAC address but is independent of the type of host. Security can be enhanced beyond the MAC address by specifying optional fields, including user name, switch unit and switch port. Host integrity checking is not available with Passive mode.
It is technically possible to configure ports in different modes within the same switch. However, a single port cannot be configured into multiple modes (for example, NSNA and 802.1x are currently mutually incompatible).