Administrator Guide

280 Authentication, Authorization, and Accounting
As shown in Figure 10-3, the Dell Networking N1500, N2000, N3000, or
N4000 Series switch is the authenticator and ensures that the supplicant (a
PC) that is attached to an 802.1X-controlled port is authenticated by an
authentication server (a RADIUS server). The result of the authentication
process determines whether the supplicant is authorized to access network
services on that controlled port. Dell Networking N-Series switches support
authentication using remote RADIUS or TACACS servers and also support
authentication using a local authentication service.
Supported security methods for supplicant communication with remote
authentication servers include MD5, PEAP, EAP-TTL, EAP-TTLS, and EAP-
TLS. Only EAP-MD5 is supported when using the local authentication server
(IAS) for communication with the supplicant.
For a list of RADIUS attributes that the switch supports, see "Using RADIUS"
on page 241.
What are the 802.1X Port Authentication Modes?
The 802.1X port authentication mode determines whether to allow or prevent
network traffic on the port. A port can be configured to be in one of the
following 802.1X authentication modes:
• Auto (default)
• MAC-based
• Force-authorized
• Force-unauthorized
These modes control the behavior of the port. The port state is either
Authorized or Unauthorized.
If the port is in the force-authorized mode, the port state is Authorized and
the port sends and receives normal traffic without client port-based
authentication. When a port is in the force-unauthorized mode, the port state
is Unauthorized and the port ignores supplicant authentication attempts and
does not provide authentication services. By default, when 802.1X is globally
enabled on the switch, all ports are in auto authentication mode, which
means the port will be unauthorized until a successful authentication
exchange has taken place. Auto mode is suitable for authentication of a single
supplicant attached to a port.
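
The following is an added example, not part of the Dell guide: a short Python audit that reads a saved configuration and lists the ports that pass traffic without client authentication, using the mode semantics described above. The command spellings (`dot1x system-auth-control`, `dot1x port-control <mode>`), the interface names, and the sample configuration are assumptions made for illustration; check the CLI reference for your firmware release.

```python
import re

# Constructed sample of a running-config excerpt. The command spellings
# ("dot1x system-auth-control", "dot1x port-control <mode>") are assumed;
# confirm them against the CLI reference for your firmware release.
SAMPLE_CONFIG = """\
dot1x system-auth-control
interface Gi1/0/1
exit
interface Gi1/0/2
dot1x port-control force-authorized
exit
interface Gi1/0/3
dot1x port-control mac-based
exit
interface Gi1/0/4
dot1x port-control force-unauthorized
exit
"""

MODES = {"auto", "mac-based", "force-authorized", "force-unauthorized"}

def port_modes(config):
    """Return (globally_enabled, {interface: mode}) for a config text."""
    enabled, modes, current = False, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line == "dot1x system-auth-control":
            enabled = True
        elif m := re.fullmatch(r"interface (\S+)", line):
            current = m.group(1)
            modes[current] = "auto"  # default mode when none is configured
        elif line == "exit":
            current = None
        elif current and (m := re.fullmatch(r"dot1x port-control (\S+)", line)):
            if m.group(1) not in MODES:
                raise ValueError(f"unknown mode {m.group(1)!r} on {current}")
            modes[current] = m.group(1)
    return enabled, modes

def audit(config):
    """List ports that pass traffic without client authentication."""
    enabled, modes = port_modes(config)
    if not enabled:
        # Assumption: with 802.1X off globally, no port enforces authentication.
        return sorted(modes)
    return sorted(p for p, mode in modes.items() if mode == "force-authorized")
```

On the sample configuration, `audit` reports only `Gi1/0/2`; remove the global enable line and every listed port is reported.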