beautypg.com

Dell PowerEdge VRTX User Manual

Page 230

DELL CONFIDENTIAL – PRELIMINARY 4/18/13 - FOR PROOF ONLY

authorized. If it is not authenticated and authorized, the authenticator discards the supplicant data, unless the data is sent to a Guest VLAN and/or non-authenticated VLANs.

Authentication of the supplicant is performed by an external RADIUS server through the authenticator. The authenticator monitors the results of the authentication.

In the Dot1x standard, a device can be a supplicant and an authenticator at a port, simultaneously requesting and granting port access. However, this device can only act as an authenticator, and does not take on the role of a supplicant.
The following varieties of Dot1x exist:

• Single session Dot1x:

  • Single-session/Single Host—In this mode, the switch, as an authenticator, supports a single Dot1x session, and grants permission to use the port to an authorized supplicant. All other access requests received on the same port from other devices are denied until the authorized supplicant is no longer using the port, or the access request is to an unauthenticated or guest VLAN.

  • Single-session/Multiple Hosts—This follows the Dot1x standard. In this mode, the switch, as an authenticator, enables any device to use a port, as long as it has been granted permission as a supplicant at the port.

• Multi-Session Dot1x—Every device (supplicant) connecting to a port must be authenticated and authorized by the switch (authenticator), separately in a different Dot1x session. This is the only mode that supports Dynamic VLAN Assignment (DVA).

Dynamic VLAN Assignment (DVA)

Dynamic VLAN Assignment (DVA) is also referred to as RADIUS VLAN Assignment in this guide. When a port is in Multiple Session mode and is DVA-enabled, the switch automatically adds the port as an untagged member of the VLAN that is assigned by the RADIUS server during the authentication process. The switch classifies untagged packets to the assigned VLAN if the packets originated from the devices or ports that are authenticated and authorized.
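
The three port modes and DVA described above, modelled as a small Python class that decides which VLAN an untagged frame lands in. This is an added example, not Dell code: the class and field names, VLAN numbers and MAC addresses are constructed, and it assumes that single-session/multiple-hosts opens the port to every host once one supplicant is authorized.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, Optional


class Mode(Enum):
    SINGLE_HOST = "single-session/single-host"
    MULTI_HOST = "single-session/multiple-hosts"
    MULTI_SESSION = "multi-session"


@dataclass
class Port:
    mode: Mode
    native_vlan: int = 1               # constructed default port VLAN
    guest_vlan: Optional[int] = None   # None = no guest VLAN configured
    dva: bool = False                  # Dynamic VLAN Assignment enabled
    # authorized supplicant MAC -> RADIUS-assigned VLAN (None = port VLAN)
    sessions: Dict[str, Optional[int]] = field(default_factory=dict)

    def radius_accept(self, mac: str, vlan: Optional[int] = None) -> bool:
        """Record a successful authentication; False if the mode refuses it."""
        single = self.mode is not Mode.MULTI_SESSION
        if single and self.sessions and mac not in self.sessions:
            return False               # single-session modes hold one session
        # Per the text, DVA is honoured only in multi-session mode.
        use_dva = self.dva and self.mode is Mode.MULTI_SESSION
        self.sessions[mac] = vlan if use_dva else None
        return True

    def logoff(self, mac: str) -> None:
        """The supplicant stops using the port; its session is removed."""
        self.sessions.pop(mac, None)

    def classify(self, mac: str) -> Optional[int]:
        """VLAN for an untagged frame from `mac`; None means discard."""
        if mac in self.sessions:
            return self.sessions[mac] or self.native_vlan
        if self.mode is Mode.MULTI_HOST and self.sessions:
            return self.native_vlan    # assumed: port open to all hosts
        return self.guest_vlan         # guest VLAN if set, else discard
```

Only the multi-session port keeps a per-device authorization and VLAN; in the multiple-hosts model a frame from a device that never authenticated is forwarded once any supplicant holds the session.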