Dell PowerConnect B-FCXs Configuration Manual page 1263
Powerconnect b-series fcx
Hide thumbs
Also See for PowerConnect B-FCXs:
- Hardware installation manual (86 pages) ,
- User manual (152 pages) ,
- Getting started manual (260 pages)
Table of Contents
Advertisement
FIGURE 156
Client/Supplicant
In this example, the Authenticator (the PowerConnect switch) initiates communication with an
802.1X-enabled Client. When the Client responds, it is prompted for a username (255 characters
maximum) and password. The Authenticator passes this information to the Authentication Server,
which determines whether the Client can access services provided by the Authenticator. When the
Client is successfully authenticated by the RADIUS server, the port is authorized. When the Client
logs off, the port becomes unauthorized again.
The Dell 802.1X implementation supports dynamic VLAN assignment. If one of the attributes in the
Access-Accept message sent by the RADIUS server specifies a VLAN identifier, and this VLAN is
available on the PowerConnect device, the client port is moved from its default VLAN to the
specified VLAN. When the client disconnects from the network, the port is placed back in its
default VLAN.Refer to
more information.
If a Client does not support 802.1X, authentication cannot take place. The PowerConnect device
sends EAP-Request/Identity frames to the Client, but the Client does not respond to them.
When a Client that supports 802.1X attempts to gain access through a non-802.1X-enabled port, it
sends an EAP start frame to the PowerConnect device. When the device does not respond, the
Client considers the port to be authorized, and starts sending normal traffic.
PowerConnect devices support Identity and MD5-challenge requests in EAP Request/Response
messages as well as the following 802.1X authentication challenge types:
NOTE
Refer to also
•
PowerConnect B-Series FCX Configuration Guide
53-1002266-01
Message exchange between client/supplicant, authenticator, and authentication
server
EAP-Request/Identity
EAP-Response/Identity
EAP-Request/MD5-Challenge
EAP-Response/Identity
EAP-Success
EAP-Logoff
"Configuring dynamic VLAN assignment for 802.1X ports"
"EAP pass-through support"
EAP-TLS (RFC 2716) – EAP Transport Level Security (TLS) provides strong security by requiring
both client and authentication server to be identified and validated through the use of public
key infrastructure (PKI) digital certificates. EAP-TLS establishes a tunnel between the client
and the authentication server to protect messages from unauthorized users' eavesdropping
How 802.1X port security works
Switch
(Authenticator)
Port Unauthorized
RADIUS Access-Request
RADIUS Access-Challenge
RADIUS Access-Request
RADIUS Access-Accept
Port Authorized
Port Unauthorized
on page 1223.
34
RADIUS Server
(Authentication Server)
on page 1230 for
1221
Advertisement
Table of Contents
Troubleshooting
