112 | 802.1Xw w w . d e l l . c o m | s u p p o r t . d e l l . c o mImportant Points to Remember• FTOS supports 802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1, andMS-CHAPv2 with PEAP.• All platforms support only RADIUS as the authentication server.• On E-Series ExaScale, if the primary RADIUS server becomes unresponsive, the authenticator beginsusing a secondary RADIUS server, if configured.• 802.1X is not supported on port-channels or port-channel members.• On the C-series and S-Series platforms:• Traffic may be forwarded on an 802.1X-enabled port that is in an unauthorized state andinteroperates with a device through a MAC-authentication bypass (MAB) or the guest VLAN.802.1X authentication on the port returns to normal operation only after a port flap or if youdisable and then re-enable 802.1X authentication on the port.• If you enable multi-supplicant authorization on a port, configure a maximum number ofsupplicants that can be authenticated, and enable periodic re-authentication, if some of thesupplicants fail re-authentication, these unauthorized supplicants are still counted in the totalnumber of supplicants that can access the port.• Traffic may be transmitted on an 802.1X-enabled port before the port changes to an authorizedstate.• A MAB-authenticated port becomes unauthorized after an RPM failover.Enabling 802.1X802.1X must be enabled globally and at interface level.Figure 7-4. Enabling 802.1XSupplicant Authenticator AuthenticationServer2/1 2/2Force10(conf )#dot1x authenticationForce10(conf )#interface range gigabitethernet 2/1 - 2Force10(conf-if-range-gi-2/1-2)#dot1x authenticationForce10(conf-if-range-gi-2/1-2)#show config!interface GigabitEthernet 2/1ip address 2.2.2.2/24dot1x authenticationno shutdown!interface GigabitEthernet 2/2ip address 1.0.0.1/24dot1x authenticationno shutdown