Concept Guide

Figure 6. EAP Over RADIUS

RADIUS Attributes for 802.1X Support

Dell EMC Networking systems include the following RADIUS attributes in all 802.1X-triggered Access-Request messages:

Attribute 31 Calling-station-id: relays the supplicant MAC address to the authentication server.

Attribute 41 NAS-Port-Type: NAS-port physical port type. 15 indicates Ethernet.

Attribute 61 NAS-Port: the physical port number by which the authenticator is connected to the supplicant.

Attribute 81 Tunnel-Private-Group-ID: associate a tunneled session with a particular group of users.

Conguring 802.1X

Conguring 802.1X on a port is a one-step process.

For more information, refer to Enabling 802.1X.

Related Conguration Tasks

• Conguring Request Identity Re-Transmissions

• Forcibly Authorizing or Unauthorizing a Port

• Re-Authenticating a Port

• Conguring Timeouts

• Conguring a Guest VLAN

• Conguring an Authentication-Fail VLAN

Important Points to Remember

• Dell EMC Networking OS supports 802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1, and MS-CHAPv2 with

PEAP.

• All platforms support only RADIUS as the authentication server.

• If the primary RADIUS server becomes unresponsive, the authenticator begins using a secondary RADIUS server, if congured.

• 802.1X is not supported on port-channels or port-channel members.

• The NAS-Port-Type attribute indicates the type of the physical port of the NAS which is authenticating the user. It is used in Access-

Request packets. The value of this attribute is set as Ethernet (15) for both EAP and MAB supplicants.

802.1X