Dell FCX624-E Laptop User Manual


  Open as PDF
of 1494
 
PowerConnect B-Series FCX Configuration Guide 1223
53-1002266-01
How 802.1X port security works
34
EAP pass-through support
EAP pass-through is supported on PowerConnect devices that have 802.1X enabled. EAP
pass-through support is fully compliant with RFC 3748, in which, by default, compliant pass-through
authenticator implementations forward EAP challenge request packets of any type, including those
listed in the previous section.
Configuration notes
If the 802.1X supplicant or authentication server will be sending packets that are greater than
1500 MTU, you should configure the device to accommodate a bigger buffer size.
Support for RADIUS user-name attribute in access-accept messages
Dell 802.1X-enabled ports support the RADIUS User-name (type 1) attribute in the Access-Accept
message returned during 802.1X authentication.
This feature is useful when the client/supplicant does not provide its user-name in the
EAP-response/identity frame, and the username is key to providing useful information. For
example, when the User-name attribute is sent in the Access-Accept message, it is then available
for display in sFlow sample messages sent to a collector, and in the output of some show dot1x CLI
commands, such as show dot1x mac-sessions.
To enable this feature, add the following attribute on the RADIUS server.
Authenticating multiple hosts connected to the same port
Dell PowerConnect devices support 802.1X authentication for ports with more than one host
connected to them. Figure 157 illustrates a sample configuration where multiple hosts are
connected to a single 802.1X port.
Attribute name Type Value
User-name 1 <name> (string)