Administrator Guide

Security Commands
RADIUS Commands
Dell Networking N1500/N2000/N3000/N4000 Series Switches
Authentication of users in a large network can be significantly simplified by
making use of a single database of accessible information supplied by an
Authentication Server. These servers commonly use the Remote
Authentication Dial In User Service (RADIUS) protocol as defined by RFC
2865.
RADIUS permits access to a user’s authentication and configuration
information contained on the server only when requests are received from a
client that shares an encrypted secret with the server. To help maintain a
secure environment, this secret is never transmitted over the network.
Requests from clients that are not appropriately configured with the secret,
and access attempts from unauthorized devices, are silently discarded by
the server.
RADIUS conforms to a client/server model with secure communications
using UDP as a transport protocol. It is extremely flexible, supporting a
variety of methods to authenticate and statistically track users. It is also
very extensible, allowing new methods of authentication to be added without
disrupting existing network functionality.
Dell Networking supports a RADIUS client in conformance with RFC 2865
and accounting functions in conformance with RFC 2866. The RADIUS
client applies user policies under control of the RADIUS server, for example,
password lockout or login time-of-day restrictions. The RADIUS client
supports up to 32 named authentication and accounting servers.
RADIUS-based Dynamic VLAN Assignment
If VLAN assignment is enabled in the RADIUS server, then as part of the
response message, the RADIUS server sends the VLAN ID that the client is
requested to use in the 802.1x tunnel attributes. If dynamic VLAN creation is
enabled on the switch and the RADIUS-assigned VLAN does not exist on the
interface to which the supplicant is connected, the assigned VLAN is
dynamically created. This means that the client can connect from any port and
be assigned to the appropriate VLAN, which may already be configured on an
uplink interface.
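Added example (not from the Dell guide or the switch firmware): how a RADIUS client can use the shared secret to check the Response Authenticator of an Access-Accept, as described under RADIUS Commands above, and then read the assigned VLAN from the tunnel attributes. Attribute numbers follow RFC 2868 and RFC 3580; the function names, secret, and sample reply are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2  # RFC 2865 packet code
TUNNEL_TYPE, TUNNEL_MEDIUM, TUNNEL_GROUP_ID = 64, 65, 81  # RFC 2868 attribute types
TT_VLAN, TMT_802 = 13, 6  # RFC 3580 values for VLAN assignment

def response_authenticator(code, ident, request_auth, attrs, secret):
    """MD5(Code+ID+Length+RequestAuth+Attributes+Secret), RFC 2865 section 3."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def parse_attributes(attrs):
    """Split attribute bytes into {type: value}; a malformed TLV yields {}."""
    out, i = {}, 0
    while i < len(attrs):
        if i + 2 > len(attrs) or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            return {}
        out.setdefault(attrs[i], attrs[i + 2:i + attrs[i + 1]])
        i += attrs[i + 1]
    return out

def assigned_vlan(packet, request_auth, secret):
    """Return the VLAN ID from an authentic Access-Accept, else None."""
    length = int.from_bytes(packet[2:4], "big")
    if packet[:1] != bytes([ACCESS_ACCEPT]) or not 20 <= length <= len(packet):
        return None
    attrs = packet[20:length]
    expected = response_authenticator(ACCESS_ACCEPT, packet[1], request_auth, attrs, secret)
    if not hmac.compare_digest(expected, packet[4:20]):
        return None  # wrong shared secret or altered reply: drop it
    vals = parse_attributes(attrs)
    if (int.from_bytes(vals.get(TUNNEL_TYPE, b"")[1:4], "big") != TT_VLAN
            or int.from_bytes(vals.get(TUNNEL_MEDIUM, b"")[1:4], "big") != TMT_802):
        return None
    group = vals.get(TUNNEL_GROUP_ID, b"")
    if group[:1] and group[0] <= 0x1F:
        group = group[1:]  # drop the optional RFC 2868 tag byte
    return int(group) if group.isdigit() and 1 <= int(group) <= 4094 else None

def build_accept(ident, request_auth, secret, vlan):
    """Constructed sample reply, standing in for the RADIUS server."""
    vid = str(vlan).encode()
    attrs = bytes([TUNNEL_TYPE, 6, 0, 0, 0, TT_VLAN, TUNNEL_MEDIUM, 6, 0, 0, 0, TMT_802,
                   TUNNEL_GROUP_ID, 3 + len(vid), 0]) + vid
    header = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attrs))
    return header + response_authenticator(ACCESS_ACCEPT, ident, request_auth, attrs, secret) + attrs
```

The secret itself never appears in the packet; only the MD5 digest computed over it does, which is why a reply built with a different secret or modified in transit fails the comparison.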
2CSNXXX_SWUM204.book Page 919 Monday, January 25, 2016 1:25 PM