User Guide
Page 28
... is a client/server-based protocol. RADIUS Accounting This feature enables recording device management sessions (Telnet, serial, and WEB but not SNMP) and/or 802.1x authentication sessions. 28 Dell PowerConnect 55xx Systems User Guide Port-Based Authentication (Dot1x) Port-based authentication enables authenticating system users on a locked port, and the frame source MAC address...
... is a client/server-based protocol. RADIUS Accounting This feature enables recording device management sessions (Telnet, serial, and WEB but not SNMP) and/or 802.1x authentication sessions. 28 Dell PowerConnect 55xx Systems User Guide Port-Based Authentication (Dot1x) Port-based authentication enables authenticating system users on a locked port, and the frame source MAC address...
User Guide
Page 29
...management provides increased network security and improved password control. For more information, see "RADIUS" on page 275. The 802.1x Monitor mode enables applying 802.1x functionality to the switch, with all necessary RADIUS and/or domain servers active, without actually taking any action that ...features. The SSH server feature enables an SSH client to establish a secure, encrypted connection with RADIUS and other authentication processes. Dell PowerConnect 55xx Systems User Guide 29 For more information, see "Password Management" on page 279. In this way, the user can...
...management provides increased network security and improved password control. For more information, see "RADIUS" on page 275. The 802.1x Monitor mode enables applying 802.1x functionality to the switch, with all necessary RADIUS and/or domain servers active, without actually taking any action that ...features. The SSH server feature enables an SSH client to establish a secure, encrypted connection with RADIUS and other authentication processes. Dell PowerConnect 55xx Systems User Guide 29 For more information, see "Password Management" on page 279. In this way, the user can...
User Guide
Page 133
...a Guest VLAN is not permitted. • None - Enable/disable logging authentication attempts. - Use the no dot1x system-auth-control Enables 802.1x globally. Monitoring VLAN - Guest VLAN - dot1x system-auth-control no form of the VLAN to restore the default configuration. Enable/disable the..., and the session is received from the Guest VLAN. - Dell PowerConnect 55xx Systems User Guide 133 If no resources remain in the Guest VLAN ID field. Authenticate the user on interfaces running IEEE 802.1X. Permit the session. - Select the Guest VLAN from the VLAN...
...a Guest VLAN is not permitted. • None - Enable/disable logging authentication attempts. - Use the no dot1x system-auth-control Enables 802.1x globally. Monitoring VLAN - Guest VLAN - dot1x system-auth-control no form of the VLAN to restore the default configuration. Enable/disable the..., and the session is received from the Guest VLAN. - Dell PowerConnect 55xx Systems User Guide 133 If no resources remain in the Guest VLAN ID field. Authenticate the user on interfaces running IEEE 802.1X. Permit the session. - Select the Guest VLAN from the VLAN...
User Guide
Page 134
.../0/3 Force Authorized Authorized* Disabled 3600 gi1/0/4 Force Authorized Authorized* Disabled 3600 Username -------n/a n/a n/a n/a 134 Dell PowerConnect 55xx Systems User Guide show dot1x 802.1x is selected from the VLAN List. dot1x guest-vlan no dot1x system-auth-control monitor Enables 802.1x globally the 802.1x Monitoring mode and define the Monitor VLAN. The following is an example of...
.../0/3 Force Authorized Authorized* Disabled 3600 gi1/0/4 Force Authorized Authorized* Disabled 3600 Username -------n/a n/a n/a n/a 134 Dell PowerConnect 55xx Systems User Guide show dot1x 802.1x is selected from the VLAN List. dot1x guest-vlan no dot1x system-auth-control monitor Enables 802.1x globally the 802.1x Monitoring mode and define the Monitor VLAN. The following is an example of...
User Guide
Page 135
... parameters: - Port-Based Authentication Interface Settings To configure 802.1x authentication on the interface. Displays the username of the port. - The interface moves between an authorized or unauthorized state, based on the authentication exchange between the device and the client. Select the port authorization state. Figure 8-13. Dell PowerConnect 55xx Systems User Guide 135
... parameters: - Port-Based Authentication Interface Settings To configure 802.1x authentication on the interface. Displays the username of the port. - The interface moves between an authorized or unauthorized state, based on the authentication exchange between the device and the client. Select the port authorization state. Figure 8-13. Dell PowerConnect 55xx Systems User Guide 135
User Guide
Page 136
... on the port. • 802.1x & MAC - The 802.1X authentication takes precedence. for this port. Port is enabled. • Dynamic VLAN Assignment (DVA) can be the supplicant MAC address. Only eight MAC-based authentications can occur only if a RADIUS server is configured, and port authentication is rejected. 136 Dell PowerConnect 55xx Systems User Guide Current...
... on the port. • 802.1x & MAC - The 802.1X authentication takes precedence. for this port. Port is enabled. • Dynamic VLAN Assignment (DVA) can be the supplicant MAC address. Only eight MAC-based authentications can occur only if a RADIUS server is configured, and port authentication is rejected. 136 Dell PowerConnect 55xx Systems User Guide Current...
User Guide
Page 138
...-802.1x} Enables authentication based on Interfaces Using the CLI Commands The following table summarizes the CLI commands for enabling the port based authentication as displayed in seconds. - no dot1x mac-authentication Use the no dot1x guest-vlan enable Enables unauthorized users on the interface access to restore the default configuration. 138 Dell PowerConnect...
...-802.1x} Enables authentication based on Interfaces Using the CLI Commands The following table summarizes the CLI commands for enabling the port based authentication as displayed in seconds. - no dot1x mac-authentication Use the no dot1x guest-vlan enable Enables unauthorized users on the interface access to restore the default configuration. 138 Dell PowerConnect...
User Guide
Page 139
... response to restore the default configuration. show dot1x Displays 802.1X status for the device or [[gigabitethernet|tengigabit for the retransmission of [[gigabitethernet|tengigabit all 802.1X-enabled ports or the specified ethernet] port-number] 802.1X-enabled port. dot1x timeout server-timeout seconds no form...of this command to an EAP request/identity frame, from the client, before resending the request. ethernet] port-number] Dell PowerConnect 55xx Systems User Guide 139 Use the no form of this command to restore the default configuration. dot1x timeout supp-...
... response to restore the default configuration. show dot1x Displays 802.1X status for the device or [[gigabitethernet|tengigabit for the retransmission of [[gigabitethernet|tengigabit all 802.1X-enabled ports or the specified ethernet] port-number] 802.1X-enabled port. dot1x timeout server-timeout seconds no form...of this command to an EAP request/identity frame, from the client, before resending the request. ethernet] port-number] Dell PowerConnect 55xx Systems User Guide 139 Use the no form of this command to restore the default configuration. dot1x timeout supp-...
User Guide
Page 140
... for unauthorized ports. Use the no dot1x guest-vlan enable Description Displays 802.1X advanced features for the switch or specified interface. The following is an example of this command to restore the default configuration. Port-Based Authentication Interface .../0/4 Forceauth Oper Mode ---------Authorized Authorized Unauthoriz ed Authorized Reauth Reauth Control Period Enabled 3600 Enabled 3600 Enabled 3600 Disabled 3600 Username -------Bob John Clark n/a 140 Dell PowerConnect 55xx Systems User Guide Table 8-13. Enables using a guest VLAN for the device.
... for unauthorized ports. Use the no dot1x guest-vlan enable Description Displays 802.1X advanced features for the switch or specified interface. The following is an example of this command to restore the default configuration. Port-Based Authentication Interface .../0/4 Forceauth Oper Mode ---------Authorized Authorized Unauthoriz ed Authorized Reauth Reauth Control Period Enabled 3600 Enabled 3600 Enabled 3600 Disabled 3600 Username -------Bob John Clark n/a 140 Dell PowerConnect 55xx Systems User Guide Table 8-13. Enables using a guest VLAN for the device.
User Guide
Page 145
... who want to a single 802.1x-enabled port. Action on the source MAC address. - Forward the packets from any unlearned source. • Forward - Multiple Host is Auto and a single client has been authenticated via the port. • No Single Host - Filtering is based on Single Host Violation - Dell PowerConnect 55xx Systems User Guide 145...
... who want to a single 802.1x-enabled port. Action on the source MAC address. - Forward the packets from any unlearned source. • Forward - Multiple Host is Auto and a single client has been authenticated via the port. • No Single Host - Filtering is based on Single Host Violation - Dell PowerConnect 55xx Systems User Guide 145...
User Guide
Page 146
... host-mode multi-host console(config-if)# dot1x host-mode single-host console(config-if)# dot1x host-mode multi-sessions 146 Dell PowerConnect 55xx Systems User Guide show dot1x advanced Displays 802.1x advanced features for the [gigabitethernet|tengigabite device or specified interface. Ports remain shutdown until they are activated, or the switch is...
... host-mode multi-host console(config-if)# dot1x host-mode single-host console(config-if)# dot1x host-mode multi-sessions 146 Dell PowerConnect 55xx Systems User Guide show dot1x advanced Displays 802.1x advanced features for the [gigabitethernet|tengigabite device or specified interface. Ports remain shutdown until they are activated, or the switch is...
User Guide
Page 149
... Tim 03:08:58 Remote 0008.3b79.3232 gi1/03 Paul 02:12:48 Remote 0008.3b89.8237 console# show dot1x users Description Displays active 802.1x authenticated users for displaying port authentication users: Table 8-17. Display Port Authentication Users CLI Commands CLI Command show dot1x users username Bob Port User Session... Name Time Method Address gi1/01 Bob 1d 09:07:38 Remote 0008.3b79.8787 VLAN Filter ---- -----3 VLAN Filter ---- -----3 OK 9 OK 8 Warning VLAN Filter ---- -----3 OK Dell PowerConnect 55xx Systems User Guide 149
... Tim 03:08:58 Remote 0008.3b79.3232 gi1/03 Paul 02:12:48 Remote 0008.3b89.8237 console# show dot1x users Description Displays active 802.1x authenticated users for displaying port authentication users: Table 8-17. Display Port Authentication Users CLI Commands CLI Command show dot1x users username Bob Port User Session... Name Time Method Address gi1/01 Bob 1d 09:07:38 Remote 0008.3b79.8787 VLAN Filter ---- -----3 VLAN Filter ---- -----3 OK 9 OK 8 Warning VLAN Filter ---- -----3 OK Dell PowerConnect 55xx Systems User Guide 149
User Guide
Page 286
... Default for all RADIUS communications between the device and the RADIUS server. 286 Dell PowerConnect 55xx Systems User Guide Enter the RADIUS server usage. The possible options are queried. - Used for 802.1x authentication and/or accounting. • All - The amount of the authentication ... Enter 0 if you do not want to be used for authentication purposes. - Used for login authentication and/or accounting. • 802.1x - If you do want this server to the next server. - Enter the number of authentication and/or accounting. 4 Enter the following...
... Default for all RADIUS communications between the device and the RADIUS server. 286 Dell PowerConnect 55xx Systems User Guide Enter the RADIUS server usage. The possible options are queried. - Used for 802.1x authentication and/or accounting. • All - The amount of the authentication ... Enter 0 if you do not want to be used for authentication purposes. - Used for login authentication and/or accounting. • 802.1x - If you do want this server to the next server. - Enter the number of authentication and/or accounting. 4 Enter the following...
User Guide
Page 287
...|802.1x|all}] no radius-server host {ipv4address|ipv6-address|hostname} radius-server timeout timeout no radius-server timeout radius-server source-ip sourceip-address no form of the command to restore the default configuration. The device IP address that will be used for a server host to restore the default configuration. Dell PowerConnect 55xx...
...|802.1x|all}] no radius-server host {ipv4address|ipv6-address|hostname} radius-server timeout timeout no radius-server timeout radius-server source-ip sourceip-address no form of the command to restore the default configuration. The device IP address that will be used for a server host to restore the default configuration. Dell PowerConnect 55xx...
User Guide
Page 613
... ID Frames Transmit - The number of EAP Resp/ID frames received on this port. - EAP Statistics CLI Commands CLI Command show dot1x statistics Description Displays 802.1X statistics for viewing EAP statistics. The number of the Refresh Rate options to specify how frequently the statistics should be refreshed. The source MAC address... invalid Packet Body Length received on the port. - Start Frames Receive - Respond Frames Receive - The number of EAP Req/ID frames transmitted via the port. - Dell PowerConnect 55xx Systems User Guide 613
... ID Frames Transmit - The number of EAP Resp/ID frames received on this port. - EAP Statistics CLI Commands CLI Command show dot1x statistics Description Displays 802.1X statistics for viewing EAP statistics. The number of the Refresh Rate options to specify how frequently the statistics should be refreshed. The source MAC address... invalid Packet Body Length received on the port. - Start Frames Receive - Respond Frames Receive - The number of EAP Req/ID frames transmitted via the port. - Dell PowerConnect 55xx Systems User Guide 613