Administrator Guide
EAP over RADIUS
802.1X uses RADIUS to shuttle EAP packets between the authenticator and the authentication server, as defined in RFC 3579.
EAP messages are encapsulated in RADIUS packets as a type of attribute in Type, Length, Value (TLV) format. The Type value
for EAP messages is 79.
Figure 5. EAP Over RADIUS
RADIUS Attributes for 802.1 Support
Dell Networking systems include the following RADIUS attributes in all 802.1X-triggered Access-Request messages:
Attribute 31
Calling-station-id: relays the supplicant MAC address to the authentication server.
Attribute 41 NAS-Port-Type: NAS-port physical port type. 15 indicates Ethernet.
Attribute 61 NAS-Port: the physical port number by which the authenticator is connected to the supplicant.
Attribute 81 Tunnel-Private-Group-ID: associate a tunneled session with a particular group of users.
Configuring 802.1X
Configuring 802.1X on a port is a one-step process.
For more information, see Enabling 802.1X.
Related Configuration Tasks
● Configuring a dot1x Profile
● Configuring MAC addresses for a dot1x Profile
● Configuring static MAB and MAB profile
● Enabling Critical-VLAN
● Configuring Request Identity Re-Transmissions
● Forcibly Authorizing or Unauthorizing a Port
● Configuring a Quiet Period after a Failed Authentication
● Re-Authenticating a Port
● Configuring Timeouts
● Configuring a Guest VLAN
● Configuring an Authentication-Fail VLAN
Important Points to Remember
● The system supports 802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1, and MS-CHAPv2 with
PEAP.
86
802.1X