Switches - Dell PowerConnect J-EX4200-24T Software Manual

Dell PowerConnect J-Series Ethernet Switch Complete Software Guide for Junos OS
Related
Documentation
Understanding Server Fail Fallback and Authentication on J-EX Series Switches
2258
NOTE: If an end device is authenticated on the interface using captive
portal, this becomes the active authentication method on the interface.
When captive portal is the active authentication method, the switch falls
back to 802.1X authentication if there are no sessions in the authenticated
state and if the interface receives an EAP packet.
The switch checks whether there is a guest VLAN configured on the switch. If a guest
8.
VLAN is configured, the switch allows the end device limited access to the LAN.
Configuring Server Fail Fallback (CLI Procedure) on page 2337
Understanding Server Fail Fallback and Authentication on J-EX Series Switches on
page 2258
Understanding Guest VLANs for 802.1X on J-EX Series Switches on page 2259
Understanding Authentication onJ-EX Series Switches on page 2248
Understanding Dynamic VLANs for 802.1X on J-EX Series Switches on page 2259
Server fail fallback allows you to specify how end devices connected to the switch are
supported if the RADIUS authentication server becomes unavailable or sends an Extensible
Authentication Protocol Over LAN (EAPOL) access-reject message.
J-EX Series Switches use authentication to implement access control in an enterprise
network. If 802.1X, MAC RADIUS, or captive portal authentication are configured on the
interface, end devices are evaluated at the initial connection by an authentication
(RADIUS) server. If the end device is configured on the authentication server, the device
is granted access to the LAN and the J-EX Series switch opens the interface to permit
access.
A RADIUS server timeout occurs if no RADIUS authentication servers are reachable when
a supplicant logs in and attempts to access the LAN. Server fail fallback allows you to
specify one of four actions to be taken towards end devices awaiting authentication
when the server is timed out:
Permit authentication, allowing traffic to flow from the end device through the interface
as if the end device were successfully authenticated by the RADIUS server.
Deny authentication, preventing traffic from flowing from the end device through the
interface. This is the default.
Move the end device to a specified VLAN. (The VLAN must already exist on the switch.)
Sustain authenticated end devices that already have LAN access and deny
unauthenticated end devices. If the RADIUS servers time out during reauthentication,
previously authenticated end devices are reauthenticated and new users are denied
LAN access.