CLI Guide
Security Commands 1002
RADIUS Commands
Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200-
ON/N3000-ON/N3100-ON Series Switches
Authentication of users in a large network can be significantly simplified by
making use of a single database of accessible information supplied by an
Authentication Server. These servers commonly use the Remote
Authentication Dial In User Service (RADIUS) protocol as defined by RFC
2865.
RADIUS permits access to a user’s authentication and configuration
information contained on the server only when requests are received from a
client that shares an encrypted secret with the server. This secret is never
transmitted over the network in an attempt to maintain a secure
environment. Any requests from clients that are not appropriately configured
with the secret or access from unauthorized devices are silently discarded by
the server.
RADIUS conforms to a client/server model with secure communications
using UDP as a transport protocol. It is extremely flexible, supporting a
variety of methods to authenticate and statistically track users. It is very
extensible allowing for new methods of authentication to be added without
disrupting existing network functionality.
Dell EMC Networking supports a RADIUS client in conformance with RFC
2865 and accounting functions in conformance with RFC2866 and RFC6911
for attribute 168. The RADIUS client will apply user policies under control of
the RADIUS server, e.g. password lockout or login time of day restrictions.
The RADIUS client supports up to 32 named authentication and accounting
servers.
For the N1100-ON and N1500 Series switches, the number of supported
authentication and accounting servers is 8.
RADIUS-based Dynamic VLAN Assignment
If a VLAN assignment is enabled in the RADIUS server, then as part of the
response message, the RADIUS server sends the VLAN ID that the client is
requested to use in the 802.1x tunnel attributes. If dynamic VLAN creation is
enabled on the switch (dot1x dynamic-vlan enable) and the RADIUS