Support User Manuals

Dell FCX624-I Laptop User Manual

Open as PDF

of 1494

1290 PowerConnect B-Series FCX Configuration Guide

53-1002266-01

Configuring multi-device port authentication

36

You can better control port behavior when a RADIUS timeout occurs by configuring a port on the

Dell PowerConnect device to automatically pass or fail user authentication. A pass essentially

bypasses the authentication process and permits user access to the network. A fail bypasses the

authentication process and blocks user access to the network, unless restrict-vlan is configured, in

which case, the user is placed into a VLAN with restricted or limited access. By default, the Dell

PowerConnect device will reset the authentication process and retry to authenticate the user.

Specify the RADIUS timeout action at the Interface level of the CLI.

Permit User access to the network after a RADIUS timeout

To set the RADIUS timeout behavior to bypass multi-device port authentication and permit user

access to the network, enter commands such as the following.

PowerConnect(config)#interface ethernet 1/3

PowerConnect(config-if-e100-1/3)#mac-authentication auth-timeout-action success

Syntax: [no] mac-authentication auth-timeout-action success

Once the success timeout action is enabled, use the no form of the command to reset the RADIUS

timeout behavior to retry.

Deny User access to the network after a RADIUS timeout

To set the RADIUS timeout behavior to bypass multi-device port authentication and block user

access to the network, enter commands such as the following.

PowerConnect(config)#interface ethernet 1/3

PowerConnect(config-if-e100-1/3)#mac-authentication auth-timeout-action failure

Syntax: [no] mac-authentication auth-timeout-action failure

Once the failure timeout action is enabled, use the no form of the command to reset the RADIUS

timeout behavior to retry.

NOTE

If restrict-vlan is configured along with auth-timeout-action failure, the user will be placed into a

VLAN with restricted or limited access. Refer to “Allow user access to a restricted VLAN after a

RADIUS timeout” on page 1290.

Allow user access to a restricted VLAN after a RADIUS timeout

To set the RADIUS timeout behavior to bypass multi-device port authentication and place the user

in a VLAN with restricted or limited access, enter commands such as the following.

PowerConnect(config)#interface ethernet 1/3

PowerConnect(config-if-e100-1/3)#mac-authentication auth-fail-action

restrict-vlan 100

PowerConnect(config-if-e100-1/3)#mac-authentication auth-timeout-action failure

Syntax: [no] mac-authentication auth-fail-action restrict-vlan [<vlan-id>]

Syntax: [no] mac-authentication auth-timeout-action failure

previous next