Service Manual
Port Authentication (802.1X) Commands
An authentication server must authenticate a client connected to an 802.1X switch port. Until the authentication, only Extensible
Authentication Protocol over LAN (EAPOL) trac is allowed through the port to which a client is connected. After authentication is
successful, normal trac passes through the port.
Dell Networking OS supports RADIUS and Active Directory environments using 802.1X Port Authentication.
Important Points to Remember
Dell Networking OS limits network access for certain users by using VLAN assignments. 802.1X with VLAN assignment has these
characteristics when congured on the switch and the RADIUS server.
• 802.1X is supported on Dell Networking OS.
• 802.1X is not supported on the LAG or the channel members of a LAG.
• If no VLAN is supplied by the RADIUS server or if 802.1X authorization is disabled, the port is congured in its access VLAN after
successful authentication.
• If 802.1X authorization is enabled but the VLAN information from the RADIUS server is not valid, the port returns to the
Unauthorized state and remains in the congured access VLAN. This prevents ports from appearing unexpectedly in an
inappropriate VLAN due to a conguration error. Conguration errors create an entry in Syslog.
• If 802.1X authorization is enabled and all information from the RADIUS server is valid, the port is placed in the specied VLAN
after authentication.
• If port security is enabled on an 802.1X port with VLAN assignment, the port is placed in the RADIUS server assigned VLAN.
• If 802.1X is disabled on the port, it is returned to the congured access VLAN.
• When the port is in the Force Authorized, Force Unauthorized, or Shutdown state, it is placed in the congured access VLAN.
• If an 802.1X port is authenticated and put in the RADIUS server assigned VLAN, any change to the port access VLAN
conguration does not take eect.
• The 802.1X with VLAN assignment feature is not supported on trunk ports, dynamic ports, or with dynamic-access port
assignment through a VLAN membership.
dot1x authentication (Conguration)
Enable dot1x globally; dot1x must be enabled both globally and at the interface level.
Syntax
dot1x authentication
To disable dot1x on globally, use the no dot1x authentication command.
Defaults Disabled.
Command Modes CONFIGURATION
Command History
This guide is platform-specic. For command information about other platforms, refer to the relevant Dell
Networking OS Command Line Reference Guide.
The following is a list of the Dell Networking OS version history for this command.
Version Description
9.8(0.0) Introduced on the S3048-ON and S4048-ON.
9.7(0.0) Introduced on the S6000–ON.
8.3.19.0 Introduced on the S4820T.
8.3.11.1 Introduced on the Z9000.
8.3.7.0 Introduced on the S4810.
7.6.1.0 Introduced on the C-Series and S-Series.
1296
Security