Port-Authentication Process - Dell Z9500 Configuration Manual
Z-series core and aggregation switche
Hide thumbs
Also See for Z9500:
- Command reference manual (1905 pages) ,
- Reference manual (1849 pages) ,
- Installation manual (47 pages)
Table of Contents
Advertisement
•
Ports are in an unauthorized state by default. In this state, non-802.1X traffic cannot be forwarded in or out of the port.
•
The authenticator changes the port state to authorized if the server can authenticate the supplicant. In this state, network
traffic can be forwarded normally.
NOTE:
The Dell Networking switches place 802.1X-enabled ports in the unauthorized state by default.
Topics:
•
Port-Authentication Process
•
Configuring 802.1X
•
Important Points to Remember
•
Enabling 802.1X
•
Configuring dot1x Profile
•
Configuring the Static MAB and MAB Profile
•
Configuring Critical VLAN
•
Configuring MAC addresses for a do1x Profile
•
Configuring Request Identity Re-Transmissions
•
Forcibly Authorizing or Unauthorizing a Port
•
Re-Authenticating a Port
•
Configuring Timeouts
•
Configuring Dynamic VLAN Assignment with Port Authentication
•
Guest and Authentication-Fail VLANs
Port-Authentication Process
The authentication process begins when the authenticator senses that a link status has changed from down to up:
1.
When the authenticator senses a link state change, it requests that the supplicant identify itself using an EAP Identity
Request frame.
2.
The supplicant responds with its identity in an EAP Response Identity frame.
3.
The authenticator decapsulates the EAP response from the EAPOL frame, encapsulates it in a RADIUS Access-Request
frame and forwards the frame to the authentication server.
4.
The authentication server replies with an Access-Challenge frame. The Access-Challenge frame requests the supplicant to
prove that it is who it claims to be, using a specified method (an EAP-Method). The challenge is translated and forwarded
to the supplicant by the authenticator.
5.
The supplicant can negotiate the authentication method, but if it is acceptable, the supplicant provides the Requested
Challenge information in an EAP response, which is translated and forwarded to the authentication server as another
Access-Request frame.
6.
If the identity information provided by the supplicant is valid, the authentication server sends an Access-Accept frame in
which network privileges are specified. The authenticator changes the port state to authorized and forwards an EAP
802.1X
80
Advertisement
Table of Contents
Troubleshooting
