What Is Monitor Mode - Dell M6220 User Configuration Manual
Hide thumbs
Also See for M6220:
- Getting started manual (182 pages) ,
- Configuration manual (126 pages) ,
- Cli reference manual (1152 pages)
Table of Contents
Advertisement
Client devices that are 802.1X-supplicant-enabled authenticate with the
switch when they are plugged into the 802.1X-enabled switch port. The
switch verifies the credentials of the client by communicating with an
authentication server. If the credentials are verified, the authentication server
informs the switch to
unrestricted access to the network; i.e., the client is a member of an internal
VLAN.
Guest VLAN mode can be configured on a per-port basis. If a client does not
attempt authentication on a port, and the port is configured for the guest
VLAN, the client is assigned to the guest VLAN configured on that port. The
port is assigned a guest VLAN ID and is moved to the authorized status.
When the guest VLAN is disabled, users authorized by the guest VLAN are
removed.
What is Monitor Mode?
The monitor mode is a special mode that can be enabled in conjunction with
802.1X authentication. Monitor mode provides a way for network
administrators to identify possible issues with the 802.1X configuration on
the switch without affecting the network access to the users of the switch. It
allows network access even in case where there is a failure to authenticate but
logs the results of the authentication process for diagnostic purposes.
The monitor mode can be configured globally on a switch. If the switch fails
to authenticate a user for any reason (for example, RADIUS access reject
from RADIUS server, RADIUS timeout, or the client itself is Dot1x unaware),
the client is authenticated and is undisturbed by the failure condition(s). The
reasons for failure are logged for tracking purposes.
Table 19-1 provides a summary of the 802.1X Monitor Mode behavior.
Table 19-1. IEEE 802.1X Monitor Mode Behavior
Case
RADIUS/IAS
Success
unblock
the switch port and allows the client
Sub-case
Success
Incorrect NAS Port Port State: Deny
Regular Dot1x
Port State: Permit
VLAN: Assigned
Filter: Assigned
Configuring Port and System Security
Dot1x Monitor Mode
Port State: Permit
VLAN: Assigned
Filter: Assigned
Port State: Permit
VLAN: Default PVID
of the port
487
Advertisement
Table of Contents
