DELL N3000 User Manual
580
Configuring Port and System Security
Authentication priority allows a higher-priority method (not currently
running) to interrupt an authentication in progress with a lower-priority
method. Alternatively, if the client is already authenticated, an interrupt from
a higher-priority method can cause a client, which was previously
authenticated using a lower-priority method, to reauthenticate.
For example, if a client is already authenticated using a method other than
For example, if a client is already authenticated using a method other than
802.1X (MAB or captive portal) and 802.1X has higher priority than the
authenticated method, and if an 802.1X frame is received, then the existing
authenticated client is removed and the authentication process begins again
from the first method in the order. If 802.1X has a lower priority than the
authenticated method, then the client is not removed and the 802.1X frames
are ignored.
If administrator changes the priority of the methods, then all the users who
If administrator changes the priority of the methods, then all the users who
are authenticated using a lower-priority method are forced to reauthenticate.
If an authentication session is in progress and the administrator changes the
order of the authentication methods, then the configuration will take effect
for the next session onwards.
Configuration Example—802.1X and MAB
In this scenario, the authentication manager selects the first authentication
method, 802.1X. If authentication using 802.1X is successful, then the client
is allowed network access. If authentication using 802.1X errors out, then
authentication manager selects the next authentication method: MAB. If
authentication using MAB returns an error, then the port is unauthorized.
The authentication manager will start a timer to re-authenticate the client.
At the expiry of the timer, the authentication manager restarts authentication
by selecting the 802.1X method.
console#configure
console(config)#radius-server host 10.10.10.10
console(Config-radius)#name BigRadius
console(Config-radius)#primary
console(Config-radius)#usage 802.1x
console(Config-radius)#exit
console(config)#radius-server key thatsyoursecret-keepit-keepit
console(config)#authentication enable
console(config)#aaa authentication dot1x default radius
console(config)#dot1x system-auth-control
console(config)#interface te1/0/4
console(config-if-Te1/0/4)#authentication order dot1x mab