Dell PowerConnect M6220 Configuration Guide - Page 86

determines the authorization state of the port. Depending on the outcome of the authentication process, the authenticator PAE then controls the authorized/unauthorized state of the controlled Port. Authentication can be handled locally or via an external authentication server. Two are: Remote Authentication Dial-In User Service (RADIUS) or Terminal Access Controller Access Control System (TACACS+). 802.1x Network Access Control Examples This section contains examples of the CLI commands used to configure 802.1X. Example #1: Configure RADIUS Server for Authentication This example configures a single RADIUS server used for authentication at 10.10.10.10. The shared secret is configured to be secret. The process creates a new authentication list, called radiusList, which uses RADIUS as the authentication method. This authentication list is associated with the 802.1x default login. 802.1x port based access control is enabled for the system, and interface 1/g1 is configured to be in force-authorized mode because this is where the RADIUS server and protected network resources are located. Figure 5-1. Switch with 802.1x Network Access Control If a user, or supplicant, attempts to communicate via the switch on any interface except interface 1/g1, the system challenges the supplicant for login credentials. The system encrypts the provided information and transmits it to the RADIUS server. If the RADIUS server grants access, the system sets the 802.1x port state of the interface to authorized and the supplicant is able to access network resources. console(config)#radius-server host 10.10.10.10 console(Config-radius)#exit console(config)#radius-server key secret console(config)#exit console#show radius-servers IP address Auth. TimeOut Retran. DeadTime source IP Prio. Usage 10.10.10.10 1812 Global Global Global Global 0 all 86 Device Security