512 Configuring 802.1X and Port-Based Security
How Does the Authentication Server Assign DiffServ Filters?
The PowerConnect 7000 Series switches allow the external 802.1X
Authenticator or RADIUS server to assign DiffServ policies to users that
authenticate to the switch. When a host (supplicant) attempts to connect to
the network through a port, the switch contacts the 802.1X authenticator or
RADIUS server, which then provides information to the switch about which
DiffServ policy to assign the host (supplicant). The application of the policy
is applied to the host after the authentication process has completed.
Unauth VLAN
enabled
Port State: Permit
VLAN: Unauth
Port State: Permit
VLAN: Unauth
RADIUS
Timeout
Default behavior Port State: Deny Port State: Permit
VLAN: Default
Unauth VLAN
enabled
Port State: Deny Port State: Permit
VLAN: Unauth
EAPOL Timeout Default behavior Port State: Deny Port State: Permit
VLAN: Default
Guest VLAN
enabled
Port State: Permit
VLAN: Guest
Port State: Permit
VLAN: Guest
MAB Success Case Port State: Permit
VLAN: Assigned
Filter: Assigned
Port State: Permit
VLAN: Assigned
Filter: Assigned
MAB Fail Case
Port State: Deny Port State: Permit
VLAN: Default
Supplicant
Timeout
Port State: Deny Port State: Deny
Table 19-1. IEEE 802.1X Monitor Mode Behavior (Continued)
Case Sub-case Regular Dot1x Dot1x Monitor Mode
To Next Page
Loading...
Need help?
General