Users Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S6100-ON

101

102

103

104

105

106

107

108

109

110

dot1x mac-auth-bypass

4 (Optional) Use MAB authentication only — do not use 802.1X authentication rst. If MAB fails the port or the MAC address is

blocked, the port is placed in the guest VLAN (if congured). 802.1x authentication is not even attempted. Re-authentication is

performed using 802.1X timers.

INTERFACE mode

dot1x mac-auth mab-only

Example of Verifying MAB Conguration on an 802.1X-enabled Interface

Verify the MAB and 802.1X conguration using the show dot1x interface command from EXEC Privilege mode.

The bold text shows that MAB is enabled on the interface.

DellEMC#show dot1x interface Te 0/0

802.1X information on Te 0/0:

----------------------------

Dot1x Status: Enable

Port Control: AUTO

Port Auth Status: AUTHORIZED(MAC-AUTH-BYPASS)

Re-Authentication: Disable

Untagged VLAN id: 200

Guest VLAN: Disable

Guest VLAN id: NONE

Auth-Fail VLAN: Disable

Auth-Fail VLAN id: NONE

Auth-Fail Max-Attempts: NONE

Critical VLAN: Disable

Critical VLAN id: NONE

Mac-Auth-Bypass: Enable

Mac-Auth-Bypass Only: Disable

Static-MAB: Disable

Static-MAB Profile: NONE

Tx Period: 30 seconds

Quiet Period: 60 seconds

ReAuth Max: 2

Supplicant Timeout: 30 seconds

Server Timeout: 30 seconds

Re-Auth Interval: 3600 seconds

Max-EAP-Req: 2

Host Mode: SINGLE_HOST

Auth PAE State: Authenticated

Backend State: Idle

Dynamic CoS with 802.1X

Class of Service (CoS) is a method of trac management that groups similar types of trac so that they are serviced dierently. One way

of classifying trac is 802.1p, which uses the 3-bit Priority eld in the VLAN tag to mark frames (other classication methods include ToS,

ACL, and DSCP). Once trac is classied, you can use Quality of Service (QoS) trac management to control the level of service for a

class in terms of bandwidth and delivery time.

For incoming trac, the Dell EMC Networking OS allows you to set a static priority value on a per-port basis or dynamically set a priority on

a per-port basis by leveraging 802.1X.

NOTE

: When a priority is statically congured using the dynamic dot1p command and dynamically congured using dynamic

CoS with 802.1X, the dynamic conguration takes precedence.

You can use dynamic CoS with 802.1X is when the trac from a server should be classied based on the application that it is running. A

static dot1p priority conguration applied from the switch is not sucient in this case, as the server application might change. You would

instead need to push the CoS conguration to the switches based on the application the server is running.

Dynamic CoS uses RADIUS attribute 59, called User-Priority-Table, to specify the priority value for incoming frames. Attribute 59 has an 8-

octet eld that maps the incoming dot1p values to new values; it is essentially a dot1p re-mapping table. The position of each octet

802.1X

109