Users Guide

Authentication, Authorization, and Accounting 317
By default, MAB clients are authenticated to the authentication server using
EAP-MD5. MAB clients may optionally be configured to use CHAP or PAP to
authenticate the MAB device. For CHAP or PAP, the following attributes are
sent to the RADIUS server:
1 - User-Name: MAC address of MAB device
2 - User-Password (PAP only)
3 - CHAP-Password: Encrypted MAC address (CHAP only) or unencrypted (PAP) User Name
4 - NAS-IP-Address: IP address of the switch
5 - NAS-Port: switch internal port number (ifIndex)
6 - Service-Type: set to 10 for MAB (Call-Check)
12 - Framed-MTU: port/switch MTU - header length (e.g. 1500)
30 - Called-Station-Id: MAC address of device (in xx:xx:xx:xx:xx:xx format)
31 - Calling-Station-Id: Switch MAC address
60 - CHAP-Challenge (CHAP only)
61 - NAS-Port-Type: Ethernet (15)
80 - Message-Authenticator
87 - NAS-Port-Id
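
The attribute list above can be checked on the RADIUS server side. The following Python is an added example, not code from the guide or from Dell EMC: it parses a constructed Access-Request, verifies Message-Authenticator (attribute 80) as HMAC-MD5 keyed with the shared secret over the packet with that attribute zeroed, and reports deviations from the listed MAB attributes. The shared secret, the sample MAC address, the accepted User-Name formats and all function names are assumptions.

```python
import hashlib, hmac, re, struct

SECRET = b"constructed-shared-secret"  # constructed sample value, not from the guide
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([:-]?[0-9A-Fa-f]{2}){5}$")  # assumed User-Name formats

def attr(num, value):
    """Encode one RADIUS attribute as type, length, value."""
    return bytes([num, len(value) + 2]) + value

def build_request(attrs, secret):
    """Constructed Access-Request (code 1) ending in a valid Message-Authenticator (80)."""
    body = b"".join(attrs) + attr(80, bytes(16))
    pkt = struct.pack("!BBH", 1, 7, 20 + len(body)) + bytes(range(16)) + body
    return pkt[:-16] + hmac.new(secret, pkt, hashlib.md5).digest()

def parse_attrs(pkt):
    """Return {attribute number: (value offset, value)}; reject malformed lengths."""
    if len(pkt) < 20 or struct.unpack("!H", pkt[2:4])[0] != len(pkt):
        raise ValueError("bad packet length")
    out, i = {}, 20
    while i < len(pkt):
        if i + 2 > len(pkt) or pkt[i + 1] < 2 or i + pkt[i + 1] > len(pkt):
            raise ValueError("bad attribute length")
        out[pkt[i]] = (i + 2, pkt[i + 2:i + pkt[i + 1]])
        i += pkt[i + 1]
    return out

def mab_problems(pkt, secret):
    """List the ways a request deviates from the MAB attribute list above."""
    a, problems = parse_attrs(pkt), []
    if not MAC_RE.match(a.get(1, (0, b""))[1].decode("ascii", "replace")):
        problems.append("User-Name is not a MAC address")
    if a.get(6, (0, b""))[1] != struct.pack("!I", 10):
        problems.append("Service-Type is not 10 (Call-Check)")
    if a.get(61, (0, b""))[1] != struct.pack("!I", 15):
        problems.append("NAS-Port-Type is not 15 (Ethernet)")
    if (2 in a) == (3 in a):
        problems.append("need exactly one of User-Password (PAP) or CHAP-Password")
    if 80 not in a or len(a[80][1]) != 16:
        problems.append("Message-Authenticator missing")
    else:
        off = a[80][0]
        zeroed = pkt[:off] + bytes(16) + pkt[off + 16:]
        if not hmac.compare_digest(hmac.new(secret, zeroed, hashlib.md5).digest(), a[80][1]):
            problems.append("Message-Authenticator does not verify")
    return problems

# Constructed CHAP-style MAB request for a made-up device MAC
GOOD = build_request([attr(1, b"00:11:22:33:44:55"), attr(3, bytes(17)), attr(60, bytes(16)),
                      attr(6, struct.pack("!I", 10)), attr(61, struct.pack("!I", 15))], SECRET)
```

A request that carries a MAC-address User-Name but a Service-Type other than 10 is the case a server policy should treat as not being MAB.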

What is the Role of 802.1X in VLAN Assignment?

Dell EMC Networking N-Series switches allow a port to be placed into a
particular VLAN based on the result of the authentication. The
authentication server can tell the switch which VLAN to assign to the
supplicant, or the administrator can configure the level of access
provided when authentication fails or is never attempted.
When a host connects to a switch that uses an authentication server to
authenticate, the host authentication will have one of three outcomes:
The host is authenticated.
NOTE: MAB initiates only after the dot1x guest VLAN period times out. If the client
responds to any of the EAPOL identity requests, MAB does not initiate for that
client.