How does the authentication server, Assign diffserv filters – Dell POWEREDGE M1000E User Manual

516

Configuring 802.1X and Port-Based Security

How Does the Authentication Server Assign DiffServ Filters?

The PowerConnect M6220, M6348, M8024, and M8024-k switches allow the

external 802.1X Authenticator or RADIUS server to assign DiffServ policies

to users that authenticate to the switch. When a host (supplicant) attempts

to connect to the network through a port, the switch contacts the 802.1X

authenticator or RADIUS server, which then provides information to the

switch about which DiffServ policy to assign the host (supplicant). The

application of the policy is applied to the host after the authentication

process has completed.

Unauth VLAN

enabled

Port State: Permit

VLAN: Unauth

Port State: Permit

VLAN: Unauth

RADIUS

Timeout

Default behavior

Port State: Deny

Port State: Permit

VLAN: Default

Unauth VLAN

enabled

Port State: Deny

Port State: Permit

VLAN: Unauth

EAPOL Timeout Default behavior

Port State: Deny

Port State: Permit

VLAN: Default

Guest VLAN

enabled

Port State: Permit

VLAN: Guest

Port State: Permit

VLAN: Guest

MAB Success Case Port State: Permit

VLAN: Assigned

Filter: Assigned

Port State: Permit

VLAN: Assigned

Filter: Assigned

MAB Fail Case

Port State: Deny

Port State: Permit

VLAN: Default

Supplicant

Timeout

Port State: Deny

Port State: Deny

Table 19-1. IEEE 802.1X Monitor Mode Behavior (Continued)

Case

Sub-case

Regular Dot1x

Dot1x Monitor Mode