Manualshelf

Administrator Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch N4000 Series
231232233234235236237238239240
Authentication, Authorization, and Accounting 237
By default, Dell switches are configured with a method list that contains the
methods (in order) Dot1x, MAB, and Captive Portal (web-auth) as the
default methods for all the ports. Dell switches restrict the configuration such
that no method is allowed to follow the Captive Portal method, if configured.
The authentication manager controls only the order in which the
authentication methods are executed. The switch administrator is responsible
for implementing the required configuration for the respective methods to
authenticate successfully.
Authentication Restart
Authentication restarts from the first configured method on any of the
following events:
•Link flap
Authentication fails for all configured methods
Authentication priority (802.1X packet received when a lower priority
method is active)
802.1X Interaction
By default, 802.1X drops all traffic prior to successful 802.1X (or MAB)
authentication. If Captive Portal is configured as a method, authentication
allows certain traffic types, such as DHCP or DNS, access to the network
during the Captive Portal method invocation.
Authentication Priority
The default authentication priority of a method is equivalent to its position
in the order of the authentication list. If authentication method priorities are
not configured, then the relative priorities (first is highest) are in the same
order as that of the per-port based authentication list.
Authentication priority allows a higher-priority method (not currently
running) to interrupt an authentication in progress with a lower-priority
method. Alternatively, if the client is already authenticated, an interrupt from
a higher-priority method can cause a client, which was previously
authenticated using a lower-priority method, to reauthenticate.
For example, if a client is already authenticated using a method other than
802.1X (MAB or Captive Portal) and 802.1X has higher priority than the
authenticated method, and if an 802.1X frame is received, then the existing