Quick Reference Guide

PowerConnect B-Series TI24X Configuration Guide 967
53-1002269-02
Using multi-device port authentication and 802.1X security on the same port
28
1. Multi-device port authentication is performed on the device to authenticate the device MAC
address.
2. If multi-device port authentication is successful for the device, then the Dell device checks
whether the RADIUS server included the Foundry-802_1x-enable VSA (described in Table 153)
in the Access-Accept message that authenticated the device.
3. If the Foundry-802_1x-enable VSA is not present in the Access-Accept message, or is present
and set to 1, then 802.1X authentication is performed for the device.
4. If the Foundry-802_1x-enable VSA is present in the Access-Accept message, and is set to 0,
then 802.1X authentication is skipped. The device is authenticated, and any dynamic VLANs
specified in the Access-Accept message returned during multi-device port authentication are
applied to the port.
5. If 802.1X authentication is performed on the device, and is successful, then dynamic VLANs or
ACLs specified in the Access-Accept message returned during 802.1X authentication are
applied to the port.

If multi-device port authentication fails for a device, then by default traffic from the device is either
blocked in hardware, or the device is placed in a restricted VLAN. You can optionally configure the
Dell device to perform 802.1X authentication on a device when it fails multi-device port
authentication. Refer to “Example 2” on page 970 for a sample configuration where this is used.
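
The decision flow in steps 1 to 5 and the failure case above, modelled as an added Python example (not code from this guide or from the switch software). The function names, state labels and sample profiles are constructed for illustration, and handling a VSA value other than 0 or 1 like 1 is an assumption.

```python
from typing import Optional

VSA = "Foundry-802_1x-enable"  # VSA name as given in the guide

def decide(mac_accept: Optional[dict], dot1x_accept: Optional[dict],
           dot1x_on_mac_fail: bool = False):
    """Model of steps 1-5: return (state, policy_source, dot1x_ran).

    Each *_accept is the attribute dict of that Access-Accept, or None if
    the RADIUS server rejected that authentication (hypothetical modelling).
    """
    if mac_accept is None:
        # MAC authentication failed: default is block / restricted VLAN,
        # unless the switch is configured to try 802.1X anyway.
        if not dot1x_on_mac_fail:
            return ("blocked-or-restricted", None, False)
    elif mac_accept.get(VSA, 1) == 0:
        # Step 4: VSA present and 0 -> 802.1X skipped, MAC-auth policy applies.
        return ("authenticated", "mac-auth", False)
    # Step 3 (VSA absent or set to 1) or the fail-over path: 802.1X runs.
    # Assumption: a value other than 0 or 1 is handled like 1 here.
    if dot1x_accept is not None:
        return ("authenticated", "802.1X", True)  # step 5
    # What happens after an 802.1X failure is not covered by this passage.
    return ("dot1x-failed", None, True)

def mac_only_profiles(profiles: dict) -> list:
    """Audit helper: profiles whose reply skips 802.1X (VSA set to 0)."""
    return sorted(name for name, reply in profiles.items()
                  if reply.get(VSA) == 0)

# Constructed sample RADIUS reply attributes, keyed by profile name.
PROFILES = {
    "printer-3f": {VSA: 0},  # admitted on MAC address alone
    "laptop-hr": {VSA: 1},   # MAC authentication, then 802.1X
    "laptop-eng": {},        # VSA absent: 802.1X still runs
}

if __name__ == "__main__":
    for name, reply in PROFILES.items():
        # Show each profile with 802.1X succeeding ({}) and failing (None).
        print(name, decide(reply, {}), decide(reply, None))
    print("MAC-only:", mac_only_profiles(PROFILES))
```

Profiles returned by `mac_only_profiles` are the ones to review first, since those devices receive their dynamic VLAN on the strength of the MAC address alone.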

Configuring Dell-specific attributes on the RADIUS server

If the RADIUS authentication process is successful, the RADIUS server sends an Access-Accept
message to the Dell device, authenticating the device. The Access-Accept message can include
Vendor-Specific Attributes (VSAs) that specify additional information about the device. If you are
configuring multi-device port authentication and 802.1X authentication on the same port, then you
can configure the Dell VSAs listed in Table 153 on the RADIUS server.
Add these Dell vendor-specific attributes to your RADIUS server configuration, and configure the
attributes in the individual or group profiles of the devices that will be authenticated. The Dell
Vendor-ID is 1991, with Vendor-Type 1.