Support User Manuals

Dell FCX624-I Laptop User Manual

Open as PDF

of 1494

PowerConnect B-Series FCX Configuration Guide 1303

53-1002266-01

Example configurations

36

FIGURE 163 Using multi-device port authentication and 802.1X authentication on the same port

When the devices attempt to connect to the network, they are first subject to multi-device port

authentication.

When the MAC address of the IP phone is authenticated, the Access-Accept message from the

RADIUS server specifies that the IP phone port be placed into the VLAN named “IP-Phone-VLAN”.

which is VLAN 7. The Foundry-802_1x-enable attribute is set to 0, meaning that 802.1X

authentication is skipped for this MAC address. Port e 1/3 is placed in VLAN 7 as a tagged port.

No further authentication is performed.

When the PC MAC address is authenticated, the Access-Accept message from the RADIUS server

specifies that the PVID for the PC port be changed to the VLAN named “Login-VLAN”, which is VLAN

1024. The Foundry-802_1x-enable attribute is set to 1, meaning that 802.1X authentication is

required for this MAC address. The PVID of the port e 1/3 is temporarily changed to VLAN 1024,

pending 802.1X authentication.

When User 1 attempts to connect to the network from the PC, he is subject to 802.1X

authentication. If User 1 is successfully authenticated, the Access-Accept message from the

RADIUS server specifies that the PVID for User 1 port be changed to the VLAN named “User-VLAN”,

which is VLAN 3. If 802.1X authentication for User 1 is unsuccessful, the PVID for port e 1/3 is

changed to that of the restricted VLAN, which is 1023, or untagged traffic from port e 1/3 can be

blocked in hardware.

The part of the running-config related to port e 1/3 would be as follows.

interface ethernet 1/3

dot1x port-control auto

mac-authentication enable

dual-mode

Hub

User 0002.3f7f.2e0a (PC) Profile:

Foundry-y-802_1x-enable = 1

Tunnel-Private-Group-ID: = U:Login-VLAN

User 1 Profile:

Tunnel-Private-Group-ID: = U:IP-User-VLAN

Switch

Port e1/3

Dual Mode

Hub

Untagged

Tagged

RADIUS Server

PC

MAC: 0002.3f7f.2e0a

User 1

IP Phone

MAC: 0050.048e.86ac

User 0050.048e.86ac (IP Phone) Profile:

Foundry-802_1x-enable = 0

Tunnel-Private-Group-ID = T:IP-Phone-VLAN

previous next