Dell S50V Switch User Manual

Open as PDF

of 1262

802.1X | 119

Dynamic VLAN Assignment with Port Authentication

Dynamic VLAN Assignment with Port Authentication is supported on platforms: c s e

FTOS supports dynamic VLAN assignment when using 802.1X. During 802.1x authentication, the

existing VLAN configuration of a port assigned to a non-default VLAN is overwritten and the port is

assigned to a specified VLAN.

• If 802.1x authentication is disabled on the port, the port is re-assigned to the previously-configured

VLAN.

• If 802.1x authentication fails and if the authentication-fail VLAN is enabled for the port (see

Configuring an Authentication-Fail VLAN on page 122), the port is assigned to the authentication-fail

VLAN.

The dynamic VLAN assignment is based on RADIUS attribute 81, Tunnel-Private-Group-ID, and uses the

following standard dot1x procedure:

1. The host sends a dot1x packet to the Dell Force10 system.

2. The system forwards a RADIUS REQUEST packet containing the host MAC address and ingress port

number.

3. The RADIUS server authenticates the request and returns a RADIUS ACCEPT message with the

VLAN assignment using Tunnel-Private-Group-ID.

The dynamic VLAN assignment from the RADIUS server always overrides the configuration on the

switch for the given port. This applies to ports already configured with a non-default VLAN.

To configure dynamic VLAN assignment with 802.1x port authentication:

Note: For the C-Series, S-Series, and E-Series TeraScale platforms, the dynamic VLAN assignment fails

if a port is assigned to a non-default VLAN and if the non-default VLAN assignment was configured on an

FTOS version earlier than 8.4.2.3.

Step Task

1 Configure 802.1x globally and at interface level (see Enabling 802.1X on page 112) along with relevant RADIUS

server configurations.

2 Make the interface a switchport so that it can be assigned to a VLAN.

3 Create the VLAN to which the interface will be assigned.

4 Connect the supplicant to the port configured for 802.1X.

5 Verify that the port has been authorized and placed in the desired VLAN by entering the show dot1x interface

and show vlan commands (red text in Figure 7-11).

previous next

Top Automotive Device Types

Top Automotive Brands

Top Baby Care Device Types

Top Baby Care Brands

Top Car Audio & Video Device Types

Top Car Audio & Video Brands

Top Cellphone Device Types

Top Cellphone Brands

Top Communications Device Types

Top Communications Brands

Top Computer Device Types

Top Computer Brands

Top Fitness Device Types

Top Fitness Brands

Top Home Audio Device Types

Top Home Audio Brands

Top Household Appliance Device Types

Top Household Appliance Brands

Top Kitchen Appliance Device Types

Top Kitchen Appliance Brands

Top Laundry Appliance Device Types

Top Laundry Appliance Brands

Top Lawn & Garden Device Types

Top Lawn & Garden Brands

Top Marine Equipment Device Types

Top Marine Equipment Brands

Top Musical Instrument Device Types

Top Musical Instrument Brands

Top Outdoor Cooking Device Types

Top Outdoor Cooking Brands

Top Personal Care Device Types

Top Personal Care Brands

Top Photography Device Types

Top Photography Brands

Top Portable Media Device Types

Top Portable Media Brands

Top Power Tools Device Types

Top Power Tools Brands

Top TV and Video Device Types

Top TV and Video Brands

Top Videogame Device Types

Top Videogame Brands

Dell S50V Switch User Manual