Users Guide
Authentication, Authorization, and Accounting 313
As shown in Figure 9-3, the Dell EMC Networking switch is the authenticator
and ensures that the supplicant (a PC) that is attached to an 802.1X-
controlled port is authenticated by an authentication server (a RADIUS
server). The result of the authentication process determines whether the
supplicant is authorized to access network services on that controlled port.
Dell EMC Networking N-Series switches support 802.1X authentication
using remote RADIUS or using a local authentication service (IAS).
Supported security methods for supplicant communication with remote
authentication servers include MD5, PEAP, EAP-TTL, EAP-TTLS, and EAP-
TLS. Only EAP-MD5 is supported when using the local authentication server
(IAS) for communication with the supplicant.
For a list of RADIUS attributes that the switch supports, see "Using RADIUS"
on page 263.
What are the 802.1X Port Authentication Modes?
The 802.1X port authentication mode determines whether to allow or prevent
network traffic on the port. A port can configured to be in one of the
following 802.1X authentication modes:
• Auto (default)
• Force-authorized
• Force-unauthorized
These modes control the behavior of the port. The port state is either
Authorized or Unauthorized. 802.1X auto mode may be configured on ports
in general or access mode. 802.1X is not supported on trunk mode ports.
If the port is in the force-authorized mode, the port state is Authorized and
the port sends and receives normal traffic without client port-based
authentication. When a port is in a forced-unauthorized mode, the port state
is Unauthorized and the port ignores supplicant authentication attempts and
does not provide authentication services. By default, when 802.1X is globally
enabled on the switch, all ports are in auto authentication mode, which
means the port will be unauthorized until a successful authentication
exchange has taken place.