Administrator Guide
Figure 3. EAP Frames Encapsulated in Ethernet and RADUIS
The authentication process involves three devices:
● The device attempting to access the network is the supplicant. The supplicant is not allowed to communicate on the
network until the authenticator authorizes the port. It can only communicate with the authenticator in response to 802.1X
requests.
● The device with which the supplicant communicates is the authenticator. The authenticator is the gate keeper of the
network. It translates and forwards requests and responses between the authentication server and the supplicant. The
authenticator also changes the status of the port based on the results of the authentication process. The Dell Networking
switch is the authenticator.
● The authentication-server selects the authentication method, verifies the information the supplicant provides, and grants it
network access privileges.
Ports can be in one of two states:
● Ports are in an unauthorized state by default. In this state, non-802.1X traffic cannot be forwarded in or out of the port.
● The authenticator changes the port state to authorized if the server can authenticate the supplicant. In this state, network
traffic can be forwarded normally.
NOTE: The switch places 802.1X-enabled ports in the unauthorized state by default.
Topics:
• The Port-Authentication Process
• Configuring 802.1X
• Important Points to Remember
• Enabling 802.1X
• Configuring dot1x Profile
• Configuring MAC addresses for a do1x Profile
• Configuring the Static MAB and MAB Profile
• Configuring Critical VLAN
• Configuring Request Identity Re-Transmissions
• Configuring a Quiet Period after a Failed Authentication
• Forcibly Authorizing or Unauthorizing a Port
• Re-Authenticating a Port
• Configuring Dynamic VLAN Assignment with Port Authentication
• Guest and Authentication-Fail VLANs
• Multi-Host Authentication
• Multi-Supplicant Authentication
• MAC Authentication Bypass
84
802.1X