Quick Reference Guide
982 PowerConnect B-Series TI24X Configuration Guide
53-1002269-02
How multi-device port authentication works
30
traffic from this MAC address is encountered on a MAC-authentication-enabled interface, the
device sends the RADIUS server an Access-Request message with 0007e90feaa1 as both the
username and password. The format of the MAC address sent to the RADIUS server is configurable
through the CLI.
The request for authentication from the RADIUS server is successful only if the username and
password provided in the request matches an entry in the users database on the RADIUS server.
When this happens, the RADIUS server returns an Access-Accept message back to the device.
When the RADIUS server returns an Access-Accept message for a MAC address, that MAC address
is considered authenticated, and traffic from the MAC address is forwarded normally by the device.
Authentication-failure actions
If the MAC address does not match the username and password of an entry in the users database
on the RADIUS server, then the RADIUS server returns an Access-Reject message. When this
happens, it is considered an authentication failure for the MAC address. When an authentication
failure occurs, the device can either drop traffic from the MAC address in hardware (the default), or
move the port on which the traffic was received to a restricted VLAN.
Supported RADIUS attributes
Devices support the following RADIUS attributes for multi-device port authentication:
• Username (1) – RFC 2865
• NAS-IP-Address (4) – RFC 2865
• NAS-Port (5) – RFC 2865
• Service-Type (6) – RFC 2865
• FilterId (11) – RFC 2865
• Framed-MTU (12) – RFC 2865
• State (24) – RFC 2865
• Vendor-Specific (26) – RFC 2865
• Session-Timeout (27) – RFC 2865
• Termination-Action (29) – RFC 2865
• Calling-Station-ID (31) – RFC 2865
• Tunnel-Type (64) – RFC 2868
• Tunnel-Medium-Type (65) – RFC 2868
• EAP Message (79) – RFC 2579
• Message-Authenticator (80) RFC 3579
• Tunnel-Private-Group-Id (81) – RFC 2868
• NAS-Port-id (87) – RFC2869