Connectivity Guide
NOTE: OS10 supports only RADIUS as the back-end authentication server.
The authentication process involves three devices:
• Supplicant — The device attempting to access the network performs the role of supplicant. Regular trac from this device does not
reach the network until the port associated to the device is authorized. Before that, the supplicant can only exchange 802.1x messages
(EAPOL frames) with the authenticator.
• Authenticator — The authenticator is the gate keeper of the network, translating and forwarding requests and responses between the
authentication server and the supplicant. The authenticator also changes the status of the port based on the results of the
authentication process. The authenticator executes on the Dell EMC device.
• Authentication-server — The authentication-server selects the authentication method, veries the information the supplicant
provides, and grants network access privileges.
Port authentication
The process begins when the authenticator senses a link status change from down to up:
1 The authenticator requests that the supplicant identify itself using an EAP Request Identity frame.
2 The supplicant responds with its identity in an EAP Response Identity frame.
3 The authenticator decapsulates the EAP response from the EAPOL frame, encapsulates it in a RADIUS Access Request frame, and
forwards the frame to the authentication server.
4 The authentication server replies with an Access Challenge frame who requests that the supplicant veries its identity using an EAP-
Method. The authenticator translates and forwards the challenge to the supplicant.
5 The supplicant negotiates the authentication method and provides the EAP Request information in an EAP Response. Another Access
Request frame translates and forwards the response to the authentication server.
254
Layer 2