X For J-Ex Series Switches Overview - Dell PowerConnect J-EX4200-24T Software Manual

Related
Documentation

802.1X for J-EX Series Switches Overview

How 802.1X Authentication Works
MAC RADIUS authentication—If MAC RADIUS authentication is configured on the
2.
interface, the switch sends the MAC RADIUS address of the end device to the
authentication server. If MAC RADIUS authentication is not configured, the switch
checks whether captive portal is configured on the interface.
Captive portal authentication—If captive portal is configured on the interface, the
3.
switch attempts to authenticate using this method after attempting any other
configured authentication methods. If an end device is authenticated on the interface
using captive portal, this becomes the active authentication method on the interface.
When captive portal is the active authentication method, the switch falls back to
802.1X authentication if there are no sessions in the authenticated state and if the
interface receives an EAP packet.
802.1X for J-EX Series Switches Overview on page 2253
Example: Setting Up 802.1X for Single Supplicant or Multiple Supplicant Configurations
on a J-EX Series Switch on page 2290
Configuring 802.1X Interface Settings (CLI Procedure) on page 2331
Configuring MAC RADIUS Authentication (CLI Procedure) on page 2335
Configuring MAC RADIUS Authentication (CLI Procedure) on page 2335
Configuring Captive Portal Authentication (CLI Procedure) on page 2350
Configuring Static MAC Bypass of Authentication (CLI Procedure) on page 2334
Authentication Process Flow for J-EX Series Switches on page 2255
IEEE 802.1X provides network edge security, protecting Ethernet LANs from unauthorized
user access.
802.1X authentication works by using an Authenticator Port Access Entity (the switch) to
block all traffic to and from a supplicant (end device) at the port until the supplicant's
credentials are presented and matched on the Authentication server (a RADIUS server).
When authenticated, the switch stops blocking traffic and opens the port to the supplicant.
The end device is authenticated in either single mode, single-secure mode, or multiple
mode:
single —Authenticates only the first end device. All other end devices that connect later
to the port are allowed full access without any further authentication. They effectively
"piggyback" on the end devices' authentication.
—Allows only one end device to connect to the port. No other end device
single-secure
is allowed to connect until the first logs out.
multiple —Allows multiple end devices to connect to the port. Each end device will be
authenticated individually.
Chapter 81: 802.1X and MAC RADIUS Authentication Overview
2253