Dell FCX624-S Laptop User Manual


  Open as PDF
of 1494
 
532 PowerConnect B-Series FCX Configuration Guide
53-1002266-01
Configuring MAC-based VLANs
15
When both features are configured on a port, a device connected to the port is authenticated as
follows.
1. MAC-based VLAN is performed on the device to authenticate the device MAC address.
2. If MAC-based VLAN is successful, the device then checks to see if the RADIUS server included
the Foundry-802_1x-enable VSA (described in Table 90) in the Access-Accept message that
authenticated the device.
3. If the Foundry-802_1x-enable VSA is not present in the Access-Accept message, or is present
and set to 1, then 802.1X authentication is performed for the device.
4. If the Foundry-802_1x-enable VSA is present in the Access-Accept message, and is set to 0,
then 802.1X authentication is skipped.
Configuring generic and Dell vendor-specific attributes on the RADIUS
server
If the RADIUS authentication process is successful, the RADIUS server sends an Access-Accept
message to the Dell PowerConnect device, authenticating the device. The Access-Accept message
includes Vendor-Specific Attributes (VSAs) that specify additional information about the device.
Add Dell vendor-specific attributes to your RADIUS server configuration, and configure the
attributes in the individual or group profiles of the devices that will be authenticated. Dell.
vendor-ID is 1991, vendor-type 1. Table 89 lists generic RADIUS attributes. Table 90 lists Dell
Vendor-Specific Attributes.
TABLE 89 Generic RADIUS attributes
Attribute name Attribute ID Data type Optional or
mandatory
Description
Tunnel-Type 64 13
decimal
VLAN
Mandatory RFC 2868.
Tunnel-Medium-Type 65 6
decimal
802
Mandatory RFC 2868.
Tunnel-Private-Group-I
D
81 decimal Mandatory RFC 2868. <vlan-id> or U:<vlan -id> – a
MAC-based VLAN ID configured on the Dell
PowerConnect device.