server and the supplicant. The authenticator also changes the status of the port based on the results of
the authentication process. The Dell Networking switch is the authenticator.
•
The authentication-server selects the authentication method, verifies the information the supplicant
provides, and grants it network access privileges.
Ports can be in one of two states:
•
Ports are in an unauthorized state by default. In this state, non-802.1X traffic cannot be forwarded in or
out of the port.
•
The authenticator changes the port state to authorized if the server can authenticate the supplicant. In
this state, network traffic can be forwarded normally.
NOTE:
The switch places 802.1X-enabled ports in the unauthorized state by default.
Topics:
•
The Port-Authentication Process
•
Configuring 802.1X
•
Important Points to Remember
•
Enabling 802.1X
•
Configuring dot1x Profile
•
Configuring MAC addresses for a do1x Profile
•
Configuring the Static MAB and MAB Profile
•
Configuring Critical VLAN
•
Configuring Request Identity Re-Transmissions
•
Configuring a Quiet Period after a Failed Authentication
•
Forcibly Authorizing or Unauthorizing a Port
•
Re-Authenticating a Port
•
Configuring Dynamic VLAN Assignment with Port Authentication
•
Guest and Authentication-Fail VLANs
•
Multi-Host Authentication
•
Multi-Supplicant Authentication
•
MAC Authentication Bypass
•
Dynamic CoS with 802.1X
The Port-Authentication Process
The authentication process begins when the authenticator senses that a link status has changed from down
to up:
1
When the authenticator senses a link state change, it requests that the supplicant identify itself using an
EAP Identity Request frame.
2
The supplicant responds with its identity in an EAP Response Identity frame.
3
The authenticator decapsulates the EAP response from the EAPOL frame, encapsulates it in a RADIUS
Access-Request frame and forwards the frame to the authentication server.
802.1X
99