Port Authentication (802.1X) Commands; Dot1X Authentication (Configuration) - Dell Force10 S4810P Reference Manual
Ftos command line reference guide for the s4810 system ftos 9.1.(0.0)
Hide thumbs
Also See for Force10 S4810P:
- Manual (60 pages) ,
- Quick start manual (27 pages) ,
- Configuration manual (1144 pages)
Table of Contents
Advertisement
Port Authentication (802.1X) Commands
An authentication server must authenticate a client connected to an 802.1X switch port. Until the authentication, only
Extensible Authentication Protocol over LAN ( EAPOL) traffic is allowed through the port to which a client is connected.
After authentication is successful, normal traffic passes through the port.
FTOS supports RADIUS and Active Directory environments using 802.1X Port Authentication.
Important Points to Remember
FTOS limits network access for certain users by using VLAN assignments. 802.1X with VLAN assignment has these
characteristics when configured on the switch and the RADIUS server.
•
802.1X is supported on C-Series, E-Series, S-Series, Z-Series, and S4810.
•
802.1X is not supported on the LAG or the channel members of a LAG.
•
If no VLAN is supplied by the RADIUS server or if 802.1X authorization is disabled, the port is configured in its
access VLAN after successful authentication.
•
If 802.1X authorization is enabled but the VLAN information from the RADIUS server is not valid, the port returns
to the Unauthorized state and remains in the configured access VLAN. This prevents ports from appearing
unexpectedly in an inappropriate VLAN due to a configuration error. Configuration errors create an entry in
Syslog.
•
If 802.1X authorization is enabled and all information from the RADIUS server is valid, the port is placed in the
specified VLAN after authentication.
•
If port security is enabled on an 802.1X port with VLAN assignment, the port is placed in the RADIUS server
assigned VLAN.
•
If 802.1X is disabled on the port, it is returned to the configured access VLAN.
•
When the port is in the Force Authorized, Force Unauthorized, or Shutdown state, it is placed in the configured
access VLAN.
•
If an 802.1X port is authenticated and put in the RADIUS server assigned VLAN, any change to the port access
VLAN configuration does not take effect.
•
The 802.1X with VLAN assignment feature is not supported on trunk ports, dynamic ports, or with dynamic-
access port assignment through a VLAN membership.
dot1x authentication (Configuration)
Enable dot1x globally; dot1x must be enabled both globally and at the interface level.
C-Series, E-Series, S-Series, Z-Series, S4810
Syntax
dot1x authentication
To disable dot1x on an globally, use the no dot1x authentication command.
Defaults
Disabled.
Command Modes
CONFIGURATION
Command History
Version 8.3.11.1
Version 8.3.7.0
Version 7.6.1.0
Version 7.4.1.0
Introduced on the Z9000.
Introduced on the S4810.
Introduced on the C-Series and S-Series.
Introduced on the E-Series.
1433
Advertisement
Table of Contents
