DELL N3000 User Manual

Configuring Port and System Security

authentication server (a RADIUS server). The result of the authentication 

process determines whether the supplicant is authorized to access services on 

that controlled port. Dell Networking switches support authentication using 

remote RADIUS or TACACS servers and also support authentication using a 

local authentication service.
Supported security methods for communication with remote servers include 

MD5, PEAP, EAP-TTL, EAP-TTLS, and EAP-TLS. Only EAP-MD5 is 

supported when using the local authentication server (IAS).
For a list of RADIUS attributes that the switch supports, see 

The 802.1X port state determines whether to allow or prevent network traffic 

on the port. A port can configured to be in one of the following 802.1X 

control modes:

• Auto  (default)
• MAC-based
• Force-authorized
• Force-unauthorized.  

These modes control the behavior of the port.  The port state is either 

Authorized or Unauthorized.
If the port is in the authorized state, the port sends and receives normal 

traffic without client port-based authentication. When a port is in an 

unauthorized state, it ignores supplicant authentication attempts and does 

not provide authentication services to the client. By default, when 802.1X is 

globally enabled on the switch, all ports are in Auto, which means the port will 

be unauthorized until a successful authentication exchange has taken place. 
In addition to authorized, unauthorized, and automode, the 802.1X mode of 

a port can be MAC based, as the following section describes.

Only MAC-Based and Automode actually use 802.1X to authenticate. 

Authorized and Unauthorized modes are manual overrides.