DELL 8132 User's Manual

802.1x Commands
Local Area Networks (LANs) are often deployed in environments that permit 
the attachment of unauthorized devices. The networks also permit 
unauthorized users to attempt to access the LAN through existing 
equipment. In such environments, the administrator may desire to restrict 
access to the services offered by the LAN. 
Port-based network access control makes use of the physical characteristics of 
LAN infrastructures to provide a means of authenticating and authorizing 
devices attached to a LAN port. Port-based network access control prevents 
access to the port in cases in which the authentication and authorization 
process fails. A port is defined as a single point of attachment to the LAN. 
The PowerConnect supports an 802.1x Authenticator service with a local 
authentication server or authentication using remote RADIUS or TACACS 
servers. 
Supported security methods for communication with remote servers include 
MD5, PEAP, EAP-TTL, EAP-TTLS, and EAP-TLS.
Local 802.1X Authentication Server
The PowerConnect switch supports a dedicated database for local 
authentication of users for network access through the Dot1x feature. This 
functionality is distinct from management access for the switch. This feature 
supports creating users for Dot1x (port) access only. 
The Internal Authentication Server feature provides support for the creation 
of users for Dot1x access only, i.e., without management access. This feature 
maintains a separate database (henceforth called the Dot1x user database) of 
users allowed for Dot1x access. 
A new authentication method, internal, is added to the list of methods 
supported by authentication list creation in order to support the IDAS user 
database lookup. The internal method cannot be added to an authentication 
list that contains other methods such as local, radius, and reject.
2CSPC4.X8100-SWUM102.book  Page 835  Friday, March 15, 2013  8:56 AM