This article explains how to enable 802.1x authentication on Dell Networking Force10 switches.
Objectives
What is 802.1x?
Important things to remember
Enable 802.1x
Set up RADIUS Server connection
Verify configuration
What is 802.1x?
802.1X is a method of port security. A device connected to a port that is enabled with 802.1X is disallowed from sending or receiving packets on the network until its identity can be verified (through a username and password, for example). This feature is named for its IEEE specification.
802.1X employs extensible authentication protocol (EAP) to transfer a device’s credentials to an authentication server (typically RADIUS) using a mandatory intermediary network access device, in this case, a Dell Networking switch. The network access device mediates all communication between the end-user device and the authentication server so that the network remains secure. The network access device uses EAP-over-Ethernet (EAPOL) to communicate with the end-user device and EAP-over-RADIUS to communicate with the server.
The Dell Networking Operating System (OS) supports 802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1, and MS-CHAPv2 with PEAP.
Important Things to Remember
Dell Networking OS supports 802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1, and MS-CHAPv2 with PEAP.
All platforms support only RADIUS as the authentication server.
If the primary RADIUS server becomes unresponsive, the authenticator begins using a secondary RADIUS server, if configured.
802.1X is not supported on port-channels or port-channel members.
Enable 802.1x
Command                                       Parameters
FTOS# configure                               Enter configuration mode.
FTOS(conf)# dot1x authentication              Globally enable dot1x authentication.
FTOS(conf)# interface range te 1/1 - 2        Enter a specific range of ports to be configured.
FTOS(conf-if-te-1/1-2)# switchport            Enable Layer 2 switchport mode on the interface.
FTOS(conf-if-te-1/1-2)# dot1x authentication  Enable dot1x authentication on the port level for the specified range.
Set up RADIUS Server Connection
Command                                       Parameters
FTOS# configure                               Enter configuration mode.
FTOS(conf)#radius-server host 10.180.58.10    Set IP address or host name that points to the RADIUS server location.
                                              Set the RADIUS server key for handshake with RADIUS server.
                                              encryption-type options are:
                                                0     Specify an UNENCRYPTED key will follow
                                                7     Specify a HIDDEN key will follow
                                                LINE  The UNENCRYPTED (cleartext) user key (max 42 chars)
FTOS(conf)#dot1x auth-server radius           Identify the dot1x authentication server as a RADIUS server.
Verify 802.1x configuration
The following command shows the 802.1X configuration on the switch.
FTOS#show running-config | find dot1x
dot1x authentication
!
[output omitted]
!
interface TenGigabitEthernet 1/1
 no ip address
 dot1x authentication
 no shutdown
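The steps above only take effect together: 802.1X must be enabled globally and on each port, and the RADIUS server must be defined and selected. The following Python script is an added example, not part of the original article or Dell's tooling, that audits a saved running-config for those settings. The sample config is constructed, and it assumes sub-commands are indented under their interface line and that every enabled Layer 2 port should authenticate.

```python
import re

# Constructed sample config (not from a real switch); sub-commands are indented.
SAMPLE_CONFIG = """\
dot1x authentication
radius-server host 10.180.58.10
dot1x auth-server radius
!
interface TenGigabitEthernet 1/1
 switchport
 dot1x authentication
 no shutdown
!
interface TenGigabitEthernet 1/2
 switchport
 no shutdown
"""

# Global commands from this article, each with the finding reported when absent.
REQUIRED_GLOBAL = {
    "dot1x authentication": "802.1X is not enabled globally",
    "radius-server host": "no RADIUS server host is configured",
    "dot1x auth-server radius": "RADIUS is not set as the dot1x authentication server",
}

def parse_config(config):
    """Split a running-config into global lines and per-interface stanzas."""
    global_lines, stanzas, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw[:1].isspace() and current and line != "!":
            stanzas[current].append(line)   # indented: belongs to the interface
            continue
        current = None                      # "!" or an unindented line ends a stanza
        if re.match(r"interface\s+\S", line):
            current = line[len("interface"):].strip()
            stanzas[current] = []
        elif line and line != "!":
            global_lines.append(line)
    return global_lines, stanzas

def audit_dot1x(config):
    """Return findings for the 802.1X settings from this article that are missing."""
    global_lines, stanzas = parse_config(config)
    findings = [f"global: {why}" for cmd, why in REQUIRED_GLOBAL.items()
                if not any(g.startswith(cmd) for g in global_lines)]
    for name, lines in stanzas.items():
        # Assumption: enabled Layer 2 ports should authenticate; review uplinks by hand.
        if {"switchport", "no shutdown"} <= set(lines) and "dot1x authentication" not in lines:
            findings.append(f"interface {name}: enabled switchport without dot1x authentication")
    return findings
```

Calling `audit_dot1x()` on the text of a saved `show running-config` returns one finding per missing setting; an empty list means every check passed.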