X Authentication - Dell PowerConnect J-EX4200-24T Software Manual

Dell PowerConnect J-Series Ethernet Switch Complete Software Guide for Junos OS

802.1X Authentication

MAC RADIUS Authentication
802.1X is an IEEE standard for port-based network access control (PNAC). It provides an authentication mechanism to allow devices to access a LAN. The 802.1X authentication feature on a J-EX Series switch is based upon the IEEE 802.1D standard Port-Based Network Access Control.

The communication protocol between the end device and the switch is Extensible Authentication Protocol Over LAN (EAPOL). EAPOL is a version of EAP designed to work with Ethernet networks. The communication protocol between the authentication server and the switch is RADIUS.

During the authentication process, the switch completes multiple message exchanges between the end device and the authentication server. While 802.1X authentication is in process, only 802.1X traffic is allowed. Other traffic, such as DHCP and HTTP, is blocked at the data link layer.

NOTE: You can configure both the maximum number of times an EAPOL request packet is retransmitted and the timeout period between attempts. For information, see "Configuring 802.1X Interface Settings (CLI Procedure)" on page 2331.

An 802.1X authentication configuration for a LAN contains three basic components:

- Supplicant (also called end device)—Supplicant is the IEEE term for an end device that requests to join the network. The device can be responsive or nonresponsive. A responsive device is 802.1X-enabled and provides authentication credentials—specifically, a username and password for EAP MD5, or a username and client certificates for EAP-TLS, EAP-TTLS, and EAP-PEAP. A nonresponsive device is not 802.1X-enabled, but can be authenticated through a MAC-based authentication method.
- Authenticator port access entity—The IEEE term for the authenticator. The J-EX Series switch is the authenticator, and it controls access by blocking all traffic to and from end devices until they are authenticated.
- Authentication server—The authentication server contains the backend database that makes authentication decisions. It contains credential information for each end device that is allowed to connect to the network. The authenticator forwards credentials supplied by the end device to the authentication server. If the credentials forwarded by the authenticator match the credentials in the authentication server database, access is granted. If the credentials forwarded do not match, access is denied. The J-EX Series switches support RADIUS authentication servers.
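
The following is an added example, not taken from this manual or from Junos: a small model of the rule stated above that, until authentication completes, the authenticator passes only EAPOL frames and drops everything else at the data link layer. The `AuthenticatorPort` class, the `eth` helper and the sample frames are hypothetical and constructed for illustration; the EtherType 0x888E, the EAPOL and EAP header layouts and the EAP method numbers are the standard values.

```python
import struct

ETHERTYPE_EAPOL = 0x888E  # EtherType assigned to IEEE 802.1X (EAPOL)
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_METHODS = {1: "Identity", 4: "MD5-Challenge", 13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}

def parse_eapol(frame: bytes):
    """Describe an EAPOL frame as a dict; return None for other or malformed frames."""
    if len(frame) < 18:                      # 14-byte Ethernet + 4-byte EAPOL header
        return None
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    version, ptype, length = struct.unpack_from("!BBH", frame, 14)
    body = frame[18:18 + length]             # ignore Ethernet padding after the body
    if ethertype != ETHERTYPE_EAPOL or ptype not in EAPOL_TYPES or len(body) < length:
        return None
    info = {"eapol": EAPOL_TYPES[ptype], "version": version}
    if ptype == 0:                           # EAP-Packet: decode the EAP header too
        if length < 4:
            return None
        code, ident, eap_len = struct.unpack_from("!BBH", body, 0)
        if code not in EAP_CODES or not 4 <= eap_len <= length:
            return None
        info.update(code=EAP_CODES[code], id=ident)
        if code in (1, 2) and eap_len >= 5:  # Request/Response carry a method type
            info["method"] = EAP_METHODS.get(body[4], f"type-{body[4]}")
    return info

class AuthenticatorPort:
    """Hypothetical model of one switch port acting as the 802.1X authenticator."""
    def __init__(self):
        self.authorized = False              # set True once the RADIUS server accepts

    def ingress(self, frame: bytes) -> str:
        if self.authorized:
            return "forward"
        return "eapol-to-authenticator" if parse_eapol(frame) else "drop"

def eth(ethertype: int, payload: bytes, dst: str = "0180c2000003") -> bytes:
    """Build a constructed test frame; default destination is the PAE group address."""
    src = bytes.fromhex("020000000001")      # made-up locally administered MAC
    return bytes.fromhex(dst) + src + struct.pack("!H", ethertype) + payload

# Constructed sample frames (not captured traffic).
START = eth(0x888E, struct.pack("!BBH", 1, 1, 0))
IDENTITY = eth(0x888E, struct.pack("!BBH", 1, 0, 10) + struct.pack("!BBHB", 2, 1, 10, 1) + b"alice")
DHCP = eth(0x0800, b"\x45" + b"\x00" * 27, dst="ffffffffffff")  # stand-in IPv4 broadcast
TRUNCATED = eth(0x888E, struct.pack("!BBH", 1, 0, 40) + b"\x02\x01")
```

A frame that claims the EAPOL EtherType but carries a length field larger than its body (`TRUNCATED`) is treated like any other non-802.1X traffic and dropped while the port is unauthorized.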

You can configure MAC RADIUS authentication on interfaces that are connected to end devices that are not 802.1X-enabled but that you want to allow to access the LAN.
