Administrator Guide

Authentication, Authorization, and Accounting 281
In addition to force-authorized, force-unauthorized, and auto modes, the
802.1X mode of a port can be MAC based, as the following section describes.
What is MAC-Based 802.1X Authentication?
MAC-based authentication allows multiple supplicants connected to the
same port to authenticate individually. For example, a 5-port hub might be
connected to a single port on the switch. Each host connected to the hub
must authenticate separately in order to gain access to the network. Hosts
that do not authenticate (or are not configured with MAB or a guest or
unauthenticated VLAN) are denied access to the network.
The hosts are distinguished by their MAC addresses. Internally, the switch
adds an ACL to the port to allow packets from the host MAC address to pass
into the switch.
When multiple hosts (for example, a PC, a printer, and a phone in the same
office) are connected to the switch on the same port, each of the connected
hosts authenticates separately with the RADIUS server.
If a port uses MAC-based 802.1X authentication, the option to use MAC
Authentication Bypass (MAB) is available. MAB is a supplemental
authentication mechanism that allows 802.1X-unaware clients, such as
printers, fax machines, and some IP phones, to authenticate to the network
using the client MAC address as an identifier.
The known and allowable MAC address and corresponding access rights of
the client must be pre-populated in the authentication server.
When a port configured for MAB receives traffic from an unauthenticated
client, the switch (Authenticator):
• Sends an EAP Request packet to the unauthenticated client
• Waits a pre-determined period of time for a response
• Retries: resends the EAP Request packet up to three times
NOTE: Only MAC-Based and Auto modes actually use 802.1X to authenticate.
Authorized and Unauthorized modes are manual overrides.
NOTE: By default, all ports are in switchport access mode. A port that uses MAC-
based authentication must be configured to be in General mode.
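
The following Python model is an added example, not code from this guide or from the switch firmware. It shows the per-host behavior described above: each host behind one port authenticates separately, 802.1X-unaware hosts are checked against pre-populated MAC entries, and only authenticated source MACs are permitted. The names, the sample MACs and credentials, and the step taken after the resends go unanswered (submitting the MAC for MAB) are assumptions of the example.

```python
from dataclasses import dataclass, field
from typing import Optional, Tuple

EAP_RESENDS = 3  # per the section: the EAP Request is resent up to three times

# Constructed sample data standing in for the authentication server.
DOT1X_USERS = {("alice", "example-password"): "staff"}   # 802.1X credentials
MAB_ENTRIES = {"00:11:22:33:44:55": "printers"}          # pre-populated MACs

@dataclass
class Host:
    mac: str
    credentials: Optional[Tuple[str, str]] = None  # None: 802.1X-unaware client

@dataclass
class Port:
    mab_enabled: bool = True
    acl: dict = field(default_factory=dict)   # authenticated MAC -> access rights
    eap_requests_sent: int = 0

    def authenticate(self, host: Host) -> Optional[str]:
        """Return the access rights granted to this host, or None if denied."""
        mac = host.mac.lower()
        rights = None
        for _ in range(1 + EAP_RESENDS):           # first request plus resends
            self.eap_requests_sent += 1
            if host.credentials is not None:        # supplicant answered
                rights = DOT1X_USERS.get(host.credentials)
                break
        else:
            # Assumption: no EAP response after all resends, so fall back to MAB.
            # The MAC is the only identifier; keep MAB entries' rights narrow.
            if self.mab_enabled:
                rights = MAB_ENTRIES.get(mac)
        if rights is not None:
            self.acl[mac] = rights                  # per-host permit entry
        return rights

    def forwards(self, src_mac: str) -> bool:
        """Frames pass only if their source MAC authenticated on this port."""
        return src_mac.lower() in self.acl

def demo():
    port = Port()
    pc = Host("AA:BB:CC:00:00:01", ("alice", "example-password"))
    printer = Host("00:11:22:33:44:55")           # in MAB_ENTRIES
    unknown = Host("AA:BB:CC:00:00:99")           # no supplicant, not listed
    hosts = (pc, printer, unknown)
    return [port.authenticate(h) for h in hosts], [port.forwards(h.mac) for h in hosts]
```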