Users Guide

Table Of Contents
Authentication, Authorization, and Accounting 323
How Does the Authentication Server Assign DiffServ Policy or ACLs?
The Dell EMC Networking N-Series switches allow the external 802.1X
Authenticator or RADIUS server to assign ACL or DiffServ policies to users
that authenticate to the switch. When a host (supplicant) attempts to
connect to the network through a port, the switch contacts the 802.1X
authenticator or RADIUS server, which then provides information to the
switch about which ACL or DiffServ policy to assign the host (supplicant).
The application of the policy is applied to the host after the authentication
process has completed. The ACL or DiffServ policy is always applied for the
“in” direction of the interface and applies to the interface as a whole. Do not
configure both ACLs and DiffServ policies to an interface at the same time.
For additional guidelines about using an authentication server to assign
DiffServ policies, see "Configuring Authentication Server Dynamic ACL or
DiffServ Policy Assignments" on page 345.
What is the Internal Authentication Server?
The Internal Authentication Server (IAS) is a dedicated local database for
authentication of users for network access through 802.1X. In this database,
the switch maintains a list of username and password combinations to use for
802.1X authentication. Entries can be created in the database manually, or
the IAS information can be uploaded to the switch.
If the authentication method for 802.1X is IAS, the switch uses the locally
stored list of username and passwords to provide port-based authentication to
users instead of using an external authentication server. Authentication using
the IAS supports the EAP-MD5 method only.
Default 802.1X Values
Table 9-12 lists the default values for the 802.1X features.
NOTE: The IAS database does not support VLAN assignments or DiffServ
policy/ACL assignments.
Table 9-12. Default Port-Based Security Values
Feature Description
Global 802.1X status Disabled