Dell PowerConnect 6248 Configuration Guide - Page 108

The PowerConnect 6200 Series switches support MAC-based 802.1X authentication. This feature allows

Page 108 highlights

Example #2: MAC-Based Authentication Mode The PowerConnect 6200 Series switches support MAC-based 802.1X authentication. This feature allows multiple hosts to authenticate on a single port. The hosts are distinguished by their MAC addresses. When multiple hosts (for example, a PC, a printer, and a phone in the same office) are connected to the switch on the same port, each of the connected hosts authenticates separately with the RADIUS server. The following command enables MAC-based authentication on port 1/g8 and limits the number of devices that can authenticate on that port to 3. The switchport mode general command sets the port to an 802.1Q VLAN. The port must be in general mode in order to enable MAC-based 802.1X authentication. console#configure console(config)#interface ethernet 1/g8 console(config-if-1/g8)#switchport mode general console(config-if-1/g8)#dot1x port-control mac-based console(config-if-1/g8)#dot1x max-users 3 console(config-if-1/g8)#exit console(config)#exit console#show dot1x ethernet 1/g8 Administrative Mode Enabled Port ------1/g8 Admin Mode mac-based Oper Mode -----------Unauthorized Reauth Control -------FALSE Reauth Period ---------3600 Quiet Period 60 Transmit Period 30 Maximum Requests 2 Max Users 3 Supplicant Timeout 30 Server Timeout (secs 30 Logical Port ------112 Supplicant MAC-Address 0000.0000.0000 AuthPAE State -------Initialize Backend State -------Idle VLAN Id ----- Username -------- Filter Id ------ 108 Device Security

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176

108
Device Security
Example #2: MAC-Based Authentication Mode
The PowerConnect 6200 Series switches support MAC-based 802.1X authentication. This feature allows
multiple hosts to authenticate on a single port. The hosts are distinguished by their MAC addresses.
When multiple hosts (for example, a PC, a printer, and a phone in the same office) are connected to the
switch on the same port, each of the connected hosts authenticates separately with the RADIUS server.
The following command enables MAC-based authentication on port 1/g8 and limits the number of
devices that can authenticate on that port to 3. The
switchport mode general
command sets the
port to an 802.1Q VLAN. The port must be in general mode in order to enable MAC-based 802.1X
authentication.
console#configure
console(config)#interface ethernet 1/g8
console(config-if-1/g8)#switchport mode general
console(config-if-1/g8)#dot1x port-control mac-based
console(config-if-1/g8)#dot1x max-users 3
console(config-if-1/g8)#exit
console(config)#exit
console#show dot1x ethernet 1/g8
Administrative Mode
...............
Enabled
Port
Admin
Oper
Reauth
Reauth
Mode
Mode
Control
Period
-------
------------------
------------
--------
----------
1/g8
mac-based
Unauthorized
FALSE
3600
Quiet Period
...................................
60
Transmit Period
................................
30
Maximum Requests
...............................
2
Max Users
......................................
3
Supplicant Timeout
.............................
30
Server Timeout (secs)
..........................
30
Logical
Supplicant
AuthPAE
Backend
VLAN
Username Filter
Port
MAC-Address
State
State
Id
Id
-------
--------------
--------
-------- ----- --------
------
112
0000.0000.0000
Initialize Idle