Users Guide
Authentication, Authorization, and Accounting 343
How Does the Authentication Server Assign DiffServ Policy or ACLs?
The Dell EMC Networking N-Series switches allow the external 802.1X
Authenticator or RADIUS server to assign ACL or DiffServ policies to users
that authenticate to the switch. When a host (supplicant) attempts to
connect to the network through a port, the switch contacts the 802.1X
authenticator or RADIUS server, which then provides information to the
switch about which ACL or DiffServ policy to assign the host (supplicant).
The application of the policy is applied to the host after the authentication
process has completed. The ACL or DiffServ policy is always applied for the
“in” direction of the interface and applies to the interface as a whole.
For additional guidelines about using an authentication server to assign
DiffServ policies, see "Configuring Authentication Server Dynamic ACL or
DiffServ Policy Assignments" on page 367.
3 × EAPOL
Timeout
(Guest VLAN
timer expiry or
MAB timer
expiry)
Guest VLAN
enabled
Port State: Permit
VLAN: Guest
Port State: Permit
VLAN: Guest
MAB Success Case Port State: Permit
VLAN: Assigned
Filter: Assigned
Port State: Permit
VLAN: Assigned
Filter: Assigned
MAB Fail Case
Port State: Deny Port State: Permit
VLAN: Default PVID
of the port
Supplicant
Timeout
Port State: Deny Port State: Deny
Port/Client
Authenticated
on Guest VLAN
Delete Guest
VLANID through
Dot1Q
Port State: Deny Port State: Permit
VLAN: Default PVID
of the port
Table 10-11. IEEE 802.1X Monitor Mode Behavior (Continued)
Case Sub-case Regular 802.1X 802.1X Monitor Mode