Manualshelf

Users Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S3048-ON
151152153154155156157158159160
802.1X
802.1X is a port-based Network Access Control (PNAC) that provides an authentication mechanism to devices wishing to attach to a LAN
or WLAN. Until the authentication, only extensible authentication protocol over LAN (EAPOL) trac is allowed through the port to which a
client is connected. After authentication is successful, normal trac passes through the port.
The Dell Networking OS supports remote authentication dial-in service (RADIUS) and active directory environments using 802.1X Port
Authentication.
Important Points to Remember
Dell Networking OS limits network access for certain users by using virtual local area network (VLAN) assignments. 802.1X with VLAN
assignment has these characteristics when congured on the switch and the RADIUS server.
If the primary RADIUS server becomes unresponsive, the authenticator begins using a secondary RADIUS server, if congured.
If no VLAN is supplied by the RADIUS server or if you disable 802.1X authorization, the port congures in its access VLAN after
successful authentication.
If you enable 802.1X authorization but the VLAN information from the RADIUS server is not valid, the port returns to the Unauthorized
state and remains in the congured access VLAN. This safeguard prevents ports from appearing unexpectedly in an inappropriate VLAN
due to a conguration error. Conguration errors create an entry in Syslog.
If you enable 802.1X authorization and all information from the RADIUS server is valid, the port is placed in the specied VLAN after
authentication.
If you enable port security on an 802.1X port with VLAN assignment, the port is placed in the RADIUS server assigned VLAN.
If you disable 802.1X on the port, it returns to the congured access VLAN.
When the port is in the Force Authorized, Force Unauthorized, or Shutdown state, it is placed in the congured access VLAN.
If an 802.1X port is authenticated and put in the RADIUS server assigned VLAN, any change to the port access VLAN conguration
does not take eect.
The 802.1X with VLAN assignment feature is not supported on trunk ports, dynamic ports, or with dynamic-access port assignment
through a VLAN membership.
Topics:
debug dot1x
dot1x auth-fail-vlan
dot1x auth-server
dot1x auth-type mab-only
dot1x authentication (Conguration)
dot1x authentication (Interface)
dot1x critical-vlan
dot1x guest-vlan
dot1x host-mode
dot1x mac-auth-bypass
dot1x max-eap-req
dot1x max-supplicants
dot1x port-control
5
156 802.1X