Command Line Reference Guide

ManualsBrandsDell ManualsserversDell Force10 S60-44T

921

922

923

924

925

926

927

928

929

930

Security | 927

An authentication server must authenticate a client connected to an 802.1X switch port. Until the

authentication, only EAPOL (Extensible Authentication Protocol over LAN) traffic is allowed through

the port to which a client is connected. Once authentication is successful, normal traffic passes through

the port.

FTOS supports RADIUS and Active Directory environments using 802.1X Port Authentication.

Important Points to Remember

FTOS limits network access for certain users by using VLAN assignments. 802.1X with VLAN

assignment has these characteristics when configured on the switch and the RADIUS server.

• 802.1X is supported on C-Series, E-Series, and S-Series.

• 802.1X is not supported on the LAG or the channel members of a LAG.

• If no VLAN is supplied by the RADIUS server or if 802.1X authorization is disabled, the port is

configured in its access VLAN after successful authentication.

• If 802.1X authorization is enabled but the VLAN information from the RADIUS server is not

valid, the port returns to the unauthorized state and remains in the configured access VLAN. This

prevents ports from appearing unexpectedly in an inappropriate VLAN due to a configuration

error. Configuration errors create an entry in Syslog.

• If 802.1X authorization is enabled and all information from the RADIUS server is valid, the port is

placed in the specified VLAN after authentication.

• If port security is enabled on an 802.1X port with VLAN assignment, the port is placed in the

RADIUS server assigned VLAN.

• If 802.1X is disabled on the port, it is returned to the configured access VLAN.

• When the port is in the force authorized, force unauthorized, or shutdown state, it is placed in the

configured access VLAN.

• If an 802.1X port is authenticated and put in the RADIUS server assigned VLAN, any change to

the port access VLAN configuration will not take effect.

• The 802.1X with VLAN assignment feature is not supported on trunk ports, dynamic ports, or

with dynamic-access port assignment through a VLAN membership.

dot1x authentication (Configuration)

c e s

Enable dot1x globally; dot1x must be enabled both globally and at the interface level.

Syntax

dot1x authentication

To disable dot1x on an globally, use the no dot1x authentication command.

Defaults

Disabled

Command Modes

CONFIGURATION

Command

History

Commands

Version 8.3.3.1 Introduced on S60

Version 7.6.1.0 Introduced on C-Series and S-Series

Version 7.4.1.0 Introduced on E-Series

dot1x authentication (Interface) Enable dot1x on an interface