Administrator Guide
Figure 5. EAP Over RADIUS
RADIUS Attributes for 802.1 Support
Dell Networking systems include the following RADIUS attributes in all 802.1X-triggered Access-Request messages:
Attribute 31 Calling-station-id: relays the supplicant MAC address to the authentication server.
Attribute 41 NAS-Port-Type: NAS-port physical port type. 15 indicates Ethernet.
Attribute 61 NAS-Port: the physical port number by which the authenticator is connected to the supplicant.
Attribute 81 Tunnel-Private-Group-ID: associate a tunneled session with a particular group of users.
Configuring 802.1X
Configuring 802.1X on a port is a one-step process.
For more information, see Enabling 802.1X.
Related Configuration Tasks
• Configuring a dot1x Profile
• Configuring MAC addresses for a dot1x Profile
• Configuring static MAB and MAB profile
• Enabling Critical-VLAN
• Configuring Request Identity Re-Transmissions
• Forcibly Authorizing or Unauthorizing a Port
• Configuring a Quiet Period after a Failed Authentication
• Re-Authenticating a Port
• Configuring Timeouts
• Configuring a Guest VLAN
• Configuring an Authentication-Fail VLAN
Important Points to Remember
• The system supports 802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1, and MS-CHAPv2 with PEAP.
• All platforms support only RADIUS as the authentication server.
• If the primary RADIUS server becomes unresponsive, the authenticator begins using a secondary RADIUS server, if configured.
• 802.1X is not supported on port-channels or port-channel members.
• 802.1X is not supported on a port when you configure the port as cascaded.
• The NAS-Port-Type attribute indicates the type of the physical port of the NAS which is authenticating the user. It is used in Access-
Request packets. The value of this attribute is set as Ethernet (15) for both EAP and MAB supplicants.
802.1X
83