802.1X; The Port-Authentication Process - Dell C9000 Series Networking Configuration Manual

Hide thumbs Also See for C9000 Series:

Table of Contents

server and the supplicant. The authenticator also changes the status of the port based on the results of

the authentication process. The Dell Networking switch is the authenticator.

The authentication-server selects the authentication method, verifies the information the supplicant

provides, and grants it network access privileges.

Ports can be in one of two states:

Ports are in an unauthorized state by default. In this state, non-802.1X traffic cannot be forwarded in or

out of the port.

The authenticator changes the port state to authorized if the server can authenticate the supplicant. In

this state, network traffic can be forwarded normally.

The switch places 802.1X-enabled ports in the unauthorized state by default.

Configuring 802.1X

Important Points to Remember

Enabling 802.1X

Configuring dot1x Profile

Configuring MAC addresses for a do1x Profile

Configuring the Static MAB and MAB Profile

Configuring Critical VLAN

Configuring Request Identity Re-Transmissions

Configuring a Quiet Period after a Failed Authentication

Forcibly Authorizing or Unauthorizing a Port

Re-Authenticating a Port

Configuring Dynamic VLAN Assignment with Port Authentication

Guest and Authentication-Fail VLANs

Multi-Host Authentication

Multi-Supplicant Authentication

MAC Authentication Bypass

Dynamic CoS with 802.1X

The Port-Authentication Process

The authentication process begins when the authenticator senses that a link status has changed from down

When the authenticator senses a link state change, it requests that the supplicant identify itself using an

EAP Identity Request frame.

The supplicant responds with its identity in an EAP Response Identity frame.

The authenticator decapsulates the EAP response from the EAPOL frame, encapsulates it in a RADIUS

Access-Request frame and forwards the frame to the authentication server.

802.1X