Users Guide
248 Network Administration: Security
FILE LOCATION: C:\Users\gina\Desktop\Checkout_new\Dell Astute\User
Guide\Dell_Astute_Network_Admin_Security.fm
DELL CONFIDENTIAL – PRELIMINARY 8/9/16 - FOR PROOF ONLY
Authentication Methods
The possible authentication methods are:
•
Dot1x
— The switch supports this authentication mechanism, as
described in the standard, to authenticate and authorize Dot1x
supplicants.
•
MAC-based
— The switch can be configured to use this method to
authenticate and authorize devices that do not support Dot1x. The switch
emulates the supplicant role on behalf of the non-Dot1x-capable devices,
and uses the MAC address of the devices as the username and password,
when communicating with the RADIUS servers. MAC addresses for
username and password must be entered in lower case and with no
delimiting characters (for example: aaccbb55ccff). To use MAC-based
authentication at a port:
– A Guest VLAN must be defined.
– The port must be Guest-VLAN-enabled.
– The packets from the first supplicant, at the port before it is
authorized, must be untagged.
You can configure a port to use Dot1x only, MAC-based only, or Dot1x and
MAC-based authentication. If a port is configured to use both Dot1x and
MAC-based authentication, a Dot1x supplicant has precedence over a
non-Dot1x device. The Dot1x supplicant preempts an authorized, but
non-Dot1x device, at a port that is configured with a single session.
Unauthenticated VLAN and Guest VLANs
Unauthenticated VLANs and Guest VLANs provide access to services that do
not require the subscribing devices or ports to be Dot1x or MAC-Based
authenticated and authorized.
An unauthenticated VLAN is a VLAN that allows access by authorized and
unauthorized devices or ports. You can configure one or more VLAN to be
unauthenticated in the
VLAN Membership
pages.
An unauthenticated VLAN has the following characteristics:
• It must be a static VLAN, and cannot be the Guest VLAN or the default
VLAN.
• The VLAN’s member ports must be manually configured as tagged
members.