Administrator Guide
Configure RADIUS attributes 8, 87 and 168
Dell EMC Networking OS supports RADIUS attribute provisioning to indicate RADIUS server with IP address to be assigned to a supplicant
and port to which the supplicant is connected. A supplicant is a device attempting to access the network.
Attribute 8
The RADIUS attribute 8 (Framed-IP-Address) indicates the RADIUS server with the IPv4 address that needs to be assigned to a
supplicant connected to the switch. The switch or network access server (NAS) sends the IPv4 address of the connected supplicant as
attribute 8 in the RADIUS Access-Accept requests to the server. The NAS discovers the IPv4 address of the supplicant through Dynamic
Host Configuration Protocol (DHCP). The RADIUS server processes the attributes in the access requests and responds to the NAS based
on the requests.
Enable IPv4 and IPv6 DHCP snooping in the switch to discover a host IPv4 or IPv6 address using the attribute in the RADIUS access
requests.
To include RADIUS attribute 8 in access requests, use the following command:
• DellEMC(conf)# radius-server attribute 8 include-in-access-req
Use no form on the command to remove the attribute 8 configuration.
Attribute 87
The attribute 87 indicates the RADIUS server with the NAS port to which the supplicant is connected. The NAS sends the attribute 87 to
the RADIUS server through the RADIUS access requests. By default, the access requests include the attribute 87.
Attributes 168
RADIUS attribute 168 (Framed-IPv6-Address) indicates the RADIUS server with the IPv6 address to be assigned to the supplicant. The
NAS discovers the IPv6 address of the supplicant and sends the IPv6 address as attribute 168 to the RADIUS server in the access
requests.
To include RADIUS attribute 168 in access requests, use the following command:
• DellEMC(conf)# radius-server attribute 168 include-in-access-req
Use no form on the command to remove the attribute 168 configuration.
Verify RADIUS attribute configuration
Verify the attribute configuration using the show running-config command.
DellEMC# show running-config
!
radius-server host 10.16.206.77 key 7 387a7f2df5969da4
radius-server attribute 8 include-in-access-req
radius-server attribute 168 include-in-access-req
!
dot1x authentication
!
RADIUS-assigned dynamic access control lists
Dell EMC Networking OS supports RADIUS-assigned dynamic access control lists (DACLs) to control the traffic from authenticated
supplicant.
RADIUS-assigned DACLs control Layer 3 (L3) traffic from a supplicant authenticated by the RADIUS server using 802.1x/MAC
Authentication Bypass (MAB). The RADIUS server pushes the DACLs to an OS9 switch that acts as network access server (NAS). Dell
EMC Networking OS applies the downloaded DACLs to an interface or a specific supplicant session(s)/ user(s) in the interface. OS9
switch uses RADIUS-assigned DACLs to filter L3 traffic entering the switch from authenticated supplicant(s) which has RADIUS-assigned
DACL configured in the RADIUS server. This feature allows a centralized administration of security policies for access devices in
enterprises without the need of handling the access policies in the individual devices.
Security
691