Support User Manuals

Dell FCX624-E Laptop User Manual

Open as PDF

of 1494

PowerConnect B-Series FCX Configuration Guide 1277

53-1002266-01

Using multi-device port authentication and 802.1X security on the same port

36

Configuring Dell-specific attributes on the

RADIUS server

If the RADIUS authentication process is successful, the RADIUS server sends an Access-Accept

message to the Dell PowerConnect device, authenticating the device. The Access-Accept message

can include Vendor-Specific Attributes (VSAs) that specify additional information about the device.

If you are configuring multi-device port authentication and 802.1X authentication on the same

port, then you can configure the Dell VSAs listed in Table 225 on the RADIUS server.

You add these Dell vendor-specific attributes to your RADIUS server configuration, and configure

the attributes in the individual or group profiles of the devices that will be authenticated. The Dell

Vendor-ID is 1991, with Vendor-Type 1.

If neither of these VSAs exist in a device profile on the RADIUS server, then by default the device is

subject to multi-device port authentication (if configured), then 802.1X authentication (if

configured). The RADIUS record can be used for both multi-device port authentication and 802.1X

authentication.

Configuration examples are shown in “Examples of multi-device port authentication and 802.1X

authentication configuration on the same port” on page 1302.

TABLE 225 Dell vendor-specific attributes for RADIUS

Attribute name Attribute ID Data type Description

Foundry-802_1x-enable 6 integer Specifies whether 802.1X authentication is

performed when multi-device port

authentication is successful for a device. This

attribute can be set to one of the following:

0 - Do not perform 802.1X authentication on

a device that passes multi-device port

authentication. Set the attribute to zero for

devices that do not support 802.1X

authentication.

1 - Perform 802.1X authentication when a

device passes multi-device port

authentication. Set the attribute to one for

devices that support 802.1X authentication.

Foundry-802_1x-valid 7 integer Specifies whether the RADIUS record is valid

only for multi-device port authentication, or

for both multi-device port authentication and

802.1X authentication.

This attribute can be set to one of the

following:

0 - The RADIUS record is valid only for

multi-device port authentication. Set this

attribute to zero to prevent a user from using

their MAC address as username and

password for 802.1X authentication

1 - The RADIUS record is valid for both

multi-device port authentication and 802.1X

authentication.

previous next