Manualshelf

Users Guide

ManualsBrandsDell ManualsAccess PlatformsEMC PowerSwitch N3000E-ON Series
251252253254255256257258259260
254 Authentication, Authorization, and Accounting
Authentication Manager
Overview
The Authentication Manager supports the hierarchical configuration of host
authentication methods on an interface. Use of the Authentication Manager
is optional, but it is recommended when using multiple types of
authentication on an interface, e.g., Captive Portal in conjunction with MAB
or IEEE 802.1X. Dell switches support the following host authentication
methods:
IEEE 802.1x
MAC Authentication Bypass (MAB)
Captive portal
Using the Authentication Manager, the administrator can configure a list of
authentication methods on a per-port basis. Authentication can be enabled or
disabled. If authentication is disabled, then no authentication method is
applied and the port is provided with open access. The default behavior is
that authentication is disabled for all ports.
The configured authentication methods are attempted in list order. If an
authentication method times out (an error), then the next configured
method is attempted. If an authentication method fails, such as, an incorrect
password was entered, then the next method is not attempted and
authentication begins again from the first method. If all the methods return
an error, then the Authentication Manager starts a timer for reauthentication.
The value of the timer is equal to the re-authentication restart timer. Failure
in this context means that host authentication was attempted and the host
was unable to successfully authenticate. At the expiry of the timer, the
Authentication Manager starts the authentication process again from the first
method in the list.
The Authentication Manager supports configuring a priority for each
authentication method on a port. The authentication priority allows a higher
priority method (not currently running) to interrupt an authentication in
progress with a lower-priority method. If a client is already authenticated, an
interrupt from a higher-priority method can cause a client previously
authenticated using a lower priority method to reauthenticate.