Configuring 802.1x port authentication, In this chapter, 1x protocol overview – Dell POWEREDGE M1000E User Manual

Page 129: 1x configuration guidelines and restrictions, Chapter 11

Advertising
background image

Dell Converged Enhanced Ethernet Administrator’s Guide

111

53-1002116-01

Chapter

11

Configuring 802.1x Port Authentication

In this chapter

802.1x protocol overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111

802.1x configuration guidelines and restrictions . . . . . . . . . . . . . . . . . . . . 111

802.1x authentication configuration tasks . . . . . . . . . . . . . . . . . . . . . . . . . 112

Interface-specific administrative tasks for 802.1x . . . . . . . . . . . . . . . . . . . 112

802.1x protocol overview

The 802.1x protocol defines a port-based authentication algorithm involving network data
communication between client-based supplicant software, an authentication database on a server,
and the authenticator device. In this situation the authenticator device is the Dell FCoE hardware.

As the authenticator, the Dell FCoE hardware prevents unauthorized network access. Upon
detection of the new supplicant, the Dell FCoE hardware enables the port and marks it
“unauthorized”. In this state, only 802.1x traffic is allowed. All other traffic, such as DHCP and
HTTP, is blocked. The Dell FCoE hardware transmits an EAP-request to the supplicant, which
responds with the EAP-response packet. The Dell FCoE hardware, which then forwards the
EAP-response packet to the RADIUS authentication server. If the credentials are validated by the
RADIUS server database, the supplicant may access the protected network resources.

NOTE

802.1x port authentication is not supported by LAG (Link Aggregation Group) or interfaces that
participate in a LAG.

NOTE

The EAP-MD5, EAP-TLS, EAP-TTLS and PEAP-v0 protocols are supported by the RADIUS server and
are transparent to the authenticator switch.

When the supplicant logs off, it sends an EAP-logoff message to the Dell FCoE hardware which then
sets the port back to the “unauthorized” state.

802.1x configuration guidelines and restrictions

Follow these 802.1x configuration guidelines and restrictions when configuring 802.1x:

If you globally disable 802.1x, then all interface ports with 802.1x authentication enabled
automatically switch to force-authorized port-control mode.

Advertising
Popular Brands
Popular manuals