How to enable 802.1x authentication on Dell Networking Force10 switches
Summary: Enabling 802.1x authentication on Dell EMC Networking Force10 switches.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Instructions
This article explains how to enable 802.1x authentication on Dell Networking Force10 switches.
Objectives
What is 802.1x?
802.1X is a method of port security. A device connected to a port that is enabled with 802.1X is disallowed from sending or receiving packets on the network until its identity can be verified (through a username and password, for example). This feature is named for its IEEE specification.
802.1X employs extensible authentication protocol (EAP) to transfer a device’s credentials to an authentication server (typically RADIUS) using a mandatory intermediary network access device, in this case, a Dell Networking switch. The network access device mediates all communication between the end-user device and the authentication server so that the network remains secure. The network access device uses EAP-over-Ethernet (EAPOL) to communicate with the end-user device and EAP-over-RADIUS to communicate with the server.
Important Things to Remember
Enable 802.1x
Set up RADIUS Server Connection
Verify 802.1x configuration
Objectives
- What is 802.1x?
- Important things to remember
- Enable 802.1x
- Set up RADIUS Server connection
- Verify configuration
What is 802.1x?
802.1X is a method of port security. A device connected to a port that is enabled with 802.1X is disallowed from sending or receiving packets on the network until its identity can be verified (through a username and password, for example). This feature is named for its IEEE specification.
802.1X employs extensible authentication protocol (EAP) to transfer a device’s credentials to an authentication server (typically RADIUS) using a mandatory intermediary network access device, in this case, a Dell Networking switch. The network access device mediates all communication between the end-user device and the authentication server so that the network remains secure. The network access device uses EAP-over-Ethernet (EAPOL) to communicate with the end-user device and EAP-over-RADIUS to communicate with the server.
The Dell Networking Operating System (OS) supports 802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1, and MS-CHAPv2 with PEAP.
Important Things to Remember
- Dell Networking OS supports 802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1, and MS-CHAPv2 with PEAP.
- All platforms support only RADIUS as the authentication server.
- If the primary RADIUS server becomes unresponsive, the authenticator begins using a secondary RADIUS server, if configured.
- 802.1X is not supported on port-channels or port-channel members.
Enable 802.1x
| Command | Parameters |
| FTOS# configure | Enter configuration mode. |
| FTOS(conf)# dot1x authentication | Globally enable dot1x authentication |
| FTOS(conf)# interface range te 1/1 – 2 | Enter a specific range of ports to be configured. |
| FTOS(conf-if-te-1/1-2)# switchport | Enable Layer 2 switchport mode on the interface. |
| FTOS(conf-if-te-1/1-2)# dot1x authentication | Enable dot1x authentication on the port level for the specified range. |
| Command | Parameters |
| FTOS# configure | Enter configuration mode. |
| FTOS(conf)#radius-server host 10.180.58.10 | Set IP address or host name that points to the RADIUS server location. |
| FTOS(conf)#radius-server key {encryption-type} key | Set the RADIUS server key for handshake with RADIUS server. encryption-type options are: 0 Specify an UNENCRYPTED key will follow 7 Specify a HIDDEN key will follow LINE The UNENCRYPTED (cleartext) user key (max 42 chars) |
| FTOS(conf)#dot1x auth-server radius | Identify the dot1x authentication server as a RADIUS server. |
The following commands will show the 802.1x configured on the switch.
802.1x information on Te 1/1
:-----------------------------
Dot1x Status: Enable
Port Control: AUTO
Port Auth Status: UNAUTHORIZED
Re-Authentication: Disable
Untagged VLAN id: None
Guest VLAN: Disable
Guest VLAN id: NON
EAuth-Fail VLAN: Disable
Auth-Fail VLAN id: NONE
Auth-Fail Max-Attempts: NONE
Mac-Auth-Bypass: Disable
Mac-Auth-Bypass Only: Disable
Tx Period: 30 seconds
Quiet Period: 60 seconds
ReAuth Max: 2
Supplicant Timeout: 30 seconds
Server Timeout: 30 seconds
Re-Auth Interval: 3600 seconds
Max-EAP-Req: 2
Host Mode: SINGLE_HOST
Auth PAE State: Initialize
Backend State: Initialize
FTOS#show running-config | find dot1x
dot1x authentication
!
[output omitted]
!
interface TenGigabitEthernet 1/1
no ip address
dot1x authentication
no shutdown
FTOS#show dot1x interface TenGigabitEthernet 1/1dot1x authentication
!
[output omitted]
!
interface TenGigabitEthernet 1/1
no ip address
dot1x authentication
no shutdown
802.1x information on Te 1/1
:-----------------------------
Dot1x Status: Enable
Port Control: AUTO
Port Auth Status: UNAUTHORIZED
Re-Authentication: Disable
Untagged VLAN id: None
Guest VLAN: Disable
Guest VLAN id: NON
EAuth-Fail VLAN: Disable
Auth-Fail VLAN id: NONE
Auth-Fail Max-Attempts: NONE
Mac-Auth-Bypass: Disable
Mac-Auth-Bypass Only: Disable
Tx Period: 30 seconds
Quiet Period: 60 seconds
ReAuth Max: 2
Supplicant Timeout: 30 seconds
Server Timeout: 30 seconds
Re-Auth Interval: 3600 seconds
Max-EAP-Req: 2
Host Mode: SINGLE_HOST
Auth PAE State: Initialize
Backend State: Initialize
FTOS#show run | grep radius|dot1x
dot1x authentication
dot1x authentication
radius-server host 10.180.58.10 key 7 7bb92471cb453a73
Affected Products
C7004/C150 Aggregation Core chassis Switch, C7008/C300 Aggregation Core chassis Switch, Force10 E300, Force10 MXL Blade, Force10 S2410-01-10GE-24P, Force10 S2410-01-10GE-24CP, PowerSwitch S4810P, PowerSwitch S5000, PowerSwitch S6000, Force10 Z9000
, Dell Networking Z9500
...
Article Properties
Article Number: 000120215
Article Type: How To
Last Modified: 05 Jun 2025
Version: 5
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.