Administrator Guide

802.1X

802.1X is a port-based Network Access Control (PNAC) that provides an authentication mechanism to devices wishing to

attach to a LAN or WLAN. A device connected to a port that is enabled with 802.1X is disallowed from sending or receiving

packets on the network until its identity is verified (through a username and password, for example).

802.1X employs Extensible Authentication Protocol (EAP) to transfer a device’s credentials to an authentication server (typically

RADIUS) using a mandatory intermediary network access device, in this case, a Dell EMC Networking switch. The network

access device mediates all communication between the end-user device and the authentication server so that the network

remains secure. The network access device uses EAP-over-Ethernet (EAPOL) to communicate with the end-user device and

EAP-over-RADIUS to communicate with the server.

NOTE: The Dell EMC Networking Operating System (OS) supports 802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS,

PEAPv0, PEAPv1, and MS-CHAPv2 with PEAP.

The following figures show how the EAP frames are encapsulated in Ethernet and RADIUS frames.

Figure 3. EAP Frames Encapsulated in Ethernet and RADUIS

Figure 4. EAP Frames Encapsulated in Ethernet and RADUIS

The authentication process involves three devices:

80 802.1X