Configuring Port and System Security 489How Does the Authentication Server Assign DiffServ Filters?The PowerConnect 7000 Series switches allow the external 802.1XAuthenticator or RADIUS server to assign DiffServ policies to users thatauthenticate to the switch. When a host (supplicant) attempts to connect tothe network through a port, the switch contacts the 802.1X authenticator orRADIUS server, which then provides information to the switch about whichDiffServ policy to assign the host (supplicant). The application of the policyis applied to the host after the authentication process has completed.For additional guidelines about using an authentication server to assignDiffServ policies, see "Configuring Authentication Server DiffServ FilterAssignments" on page 513.What is the Internal Authentication Server?The Internal Authentication Server (IAS) is a dedicated database for localizedauthentication of users for network access through 802.1X. In this database,the switch maintains a list of username and password combinations to use for802.1X authentication. You can manually create entries in the database, oryou can upload the IAS information to the switch.If the authentication method for 802.1X is IAS, the switch uses the locallystored list of username and passwords to provide port-based authentication tousers instead of using an external authentication server. Authentication usingthe IAS supports the EAP-MD5 method only.SupplicantTimeoutPort State: Deny Port State: DenyPort/ClientAuthenticatedon Guest VLANDelete GuestVLANID throughDot1QPort State: Deny Port State: PermitVLAN: Default PVIDof the portNOTE: The IAS database does not handle VLAN assignments or DiffServ policyassignments.Table 19-1. IEEE 802.1X Monitor Mode Behavior (Continued)Case Sub-case Regular Dot1x Dot1x Monitor Mode