Concept Guide
EAP over RADIUS
802.1X uses RADIUS to shuttle EAP packets between the authenticator and the authentication server, as dened in RFC 3579.
EAP messages are encapsulated in RADIUS packets as a type of attribute in Type, Length, Value (TLV) format. The Type value for EAP
messages is 79.
Figure 5. EAP Over RADIUS
RADIUS Attributes for 802.1 Support
Dell Networking systems include the following RADIUS attributes in all 802.1X-triggered Access-Request messages:
Attribute 5
NAS-Port: the physical port number by which the authenticator is connected to the supplicant.
Attribute 31 Calling-station-id: relays the supplicant MAC address to the authentication server.
Attribute 41 NAS-Port-Type: NAS-port physical port type. 5 indicates Ethernet.
Attribute 81 Tunnel-Private-Group-ID: associate a tunneled session with a particular group of users.
Conguring 802.1X
Conguring 802.1X on a port is a two-step process.
1 Enable 802.1X globally (refer to Enabling 802.1X).
2 Enable 802.1X on an interface (refer to Enabling 802.1X).
Related Conguration Tasks
• Conguring Request Identity Re-transmissions
• Forcibly Authorizing or Unauthorizing a Port
• Re-authenticating a Port
• Conguring Timeouts
• Conguring a Guest VLAN
• Conguring an Authentication-fail VLAN
96
802.1X