DELL N3000 User Manual
578
Configuring Port and System Security
Authentication Manager
Overview
The Authentication Manager supports the hierarchical configuration of host
authentication methods on an interface. Dell switches support the following
host authentication methods:
• IEEE 802.1x
• MAC Authentication Bypass
• Captive portal
• MAC Authentication Bypass
• Captive portal
Using the Authentication Manager, the administrator can configure an
authentication method list on a per-port basis. Authentication can be enabled
or disabled. If authentication is disabled, then no authentication method is
applied and the port is provided with open access. The default behavior is
that authentication is disabled for all ports.
The configured authentication methods are attempted in the configured
The configured authentication methods are attempted in the configured
order. If an authentication method times out, then the next configured
method is attempted. If an authentication method fails, then the next
method is not attempted and authentication begins again from the first
method. If all the methods fail, then the Authentication Manager starts a
timer for reauthentication. Failure in this context means that host
authentication was attempted and the host was unable to successfully
authenticate. At the expiry of the timer, the Authentication Manager starts
the authentication process again from the first method in the list.
The Authentication Manager supports configuring a priority for each
The Authentication Manager supports configuring a priority for each
authentication method on a port. The authentication priority allows a higher
priority method (not currently running) to interrupt an authentication in
progress with a lower-priority method. If a client is already authenticated, an
interrupt from a higher-priority method can cause a client previously
authenticated using a lower priority method to reauthenticate.
By default, Dell switches are configured with a method list that contains the
By default, Dell switches are configured with a method list that contains the
methods (in order) Dot1x, MAB, and captive portal (web-auth) as the default
methods for all the ports. Dell switches restrict the configuration such that no
method is allowed to follow the captive portal method, if configured.