Users Guide

802.1X
An authentication server must authenticate a client connected to an 802.1X switch port. Until the client is authenticated, only extensible
authentication protocol over LAN (EAPOL) traffic is allowed through the port to which the client is connected. After authentication is
successful, normal traffic passes through the port.
The Dell Networking operating software supports remote authentication dial-in user service (RADIUS) and Active Directory environments using
802.1X Port Authentication.
Important Points to Remember
The system limits network access for certain users by using virtual local area network (VLAN) assignments. 802.1X with VLAN assignment
has these characteristics when configured on the switch and the RADIUS server.
If no VLAN is supplied by the RADIUS server or if you disable 802.1X authorization, the port is configured in its access VLAN after successful authentication.
If you enable 802.1X authorization but the VLAN information from the RADIUS server is not valid, the port returns to the Unauthorized state and remains in the configured access VLAN. This safeguard prevents ports from appearing unexpectedly in an inappropriate VLAN due to a configuration error. Configuration errors create an entry in Syslog.
If you enable 802.1X authorization and all information from the RADIUS server is valid, the port is placed in the specified VLAN after authentication.
If you enable port security on an 802.1X port with VLAN assignment, the port is placed in the RADIUS server assigned VLAN.
If you disable 802.1X on the port, it returns to the configured access VLAN.
When the port is in the Force Authorized, Force Unauthorized, or Shutdown state, it is placed in the configured access VLAN.
If an 802.1X port is authenticated and put in the RADIUS server assigned VLAN, any change to the port access VLAN configuration does not take effect.
The 802.1X with VLAN assignment feature is not supported on trunk ports, dynamic ports, or with dynamic-access port assignment through a VLAN membership.
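The placement rules above, modelled as an added example (not code from the guide or from Dell). It assumes the RADIUS server conveys the VLAN with the RFC 3580 tunnel attributes (Tunnel-Type, Tunnel-Medium-Type, Tunnel-Private-Group-ID) and that a partial attribute set or a non-numeric or out-of-range ID is what counts as "not valid"; the function names and sample replies are constructed for illustration.

```python
TUNNEL_TYPE, TUNNEL_MEDIUM, TUNNEL_GROUP_ID = 64, 65, 81  # RFC 2868 attribute types
TYPE_VLAN, MEDIUM_802 = 13, 6  # values RFC 3580 specifies for VLAN assignment

def parse_attrs(buf):
    """Walk RADIUS type/length/value attributes; keep only the tunnel ones."""
    out, i = {}, 0
    while i < len(buf):
        if len(buf) - i < 2 or buf[i + 1] < 2 or i + buf[i + 1] > len(buf):
            raise ValueError("malformed attribute")
        atype, alen = buf[i], buf[i + 1]  # length counts the 2 header bytes
        if atype in (TUNNEL_TYPE, TUNNEL_MEDIUM, TUNNEL_GROUP_ID):
            out[atype] = buf[i + 2:i + alen]
        i += alen
    return out

def radius_vlan(attrs):
    """Return the VLAN ID, None if no VLAN was supplied, or raise ValueError."""
    if not attrs:
        return None
    if set(attrs) != {TUNNEL_TYPE, TUNNEL_MEDIUM, TUNNEL_GROUP_ID}:
        raise ValueError("incomplete tunnel attribute set")  # assumption: invalid
    for key, want in ((TUNNEL_TYPE, TYPE_VLAN), (TUNNEL_MEDIUM, MEDIUM_802)):
        val = attrs[key]  # 1 tag byte followed by a 3-byte integer
        if len(val) != 4 or int.from_bytes(val[1:], "big") != want:
            raise ValueError("not a VLAN tunnel over 802 media")
    gid = attrs[TUNNEL_GROUP_ID]
    if gid and 0 < gid[0] <= 0x1F:  # optional leading tag byte (RFC 2868)
        gid = gid[1:]
    text = gid.decode("ascii", "replace")
    if not text.isdigit() or not 1 <= int(text) <= 4094:
        raise ValueError("bad VLAN ID")
    return int(text)

def place_port(authz_enabled, reply_attrs, access_vlan):
    """(state, vlan) after a successful authentication, per the rules above."""
    if not authz_enabled:
        return ("authorized", access_vlan)
    try:
        vlan = radius_vlan(parse_attrs(reply_attrs))
    except ValueError:
        return ("unauthorized", access_vlan)  # the case the guide says is logged
    return ("authorized", access_vlan if vlan is None else vlan)

def attr(atype, value):
    return bytes([atype, len(value) + 2]) + value

# Constructed Access-Accept attribute bytes (type 18 is Reply-Message, skipped).
TUNNEL = attr(64, b"\x00\x00\x00\x0d") + attr(65, b"\x00\x00\x00\x06")
GOOD = attr(18, b"ok") + TUNNEL + attr(81, b"100")
BAD = TUNNEL + attr(81, b"4095")  # 4095 is outside the usable VLAN range
```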
Topics:
debug dot1x
dot1x authentication (Configuration)
dot1x authentication (Interface)
dot1x auth-fail-vlan
dot1x auth-server
dot1x auth-type mab-only
dot1x guest-vlan
dot1x host-mode
dot1x mac-auth-bypass
dot1x max-eap-req
dot1x max-supplicants
dot1x port-control
dot1x quiet-period
dot1x reauthentication