Dell S50V Switch User Manual

Open as PDF

of 1262

120 | 802.1X

www.dell.com | support.dell.com

Figure 7-11 shows the configuration on a Dell Force10 switch that uses dynamic VLAN assignment with

802.1X before you connect the end-user device (black and blue text), and after you connect the device (red

text).

The blue text corresponds to the numbered steps on page 119. Note that the GigabitEthernet 1/11 port, on

which dynamic VLAN assignment with 802.1X is configured, is initially an untagged member of VLAN

300. After a successful 802.1x authentication with dynamic VLAN configuration, the port becomes an

untagged member of VLAN 400 (assigned by the RADIUS server during authentication).

Figure 7-11. Dynamic VLAN Assignment with 802.1X

Note: In the show vlan command output, if the statically-configured VLAN and the 802.1X

dynamically-assigned VLAN are the same, the 802.1x-authorized port is displayed with U for Untagged.

If the two VLANs are not the same, the 802.1x-authorized port is displayed with x for Dot1X untagged.

Force10(conf-if-vl-400)# show config

interface Vlan 400

no ip address

shutdown

Force10#show vlan

Codes: * - Default VLAN, G - GVRP VLANs

Q: U - Untagged, T - Tagged

x - Dot1x untagged, X - Dot1x tagged

G - GVRP tagged

NUM Status Description Q Ports

* 1 Inactive

300 Inactive U Gi 1/11

400 Inactive

***After authentication***

Force10#show vlan

Codes: * - Default VLAN, G - GVRP VLANs

Q: U - Untagged, T - Tagged

x - Dot1x untagged, X - Dot1x tagged

G - GVRP tagged

NUM Status Description Q Ports

* 1 Inactive

300 In active

400 Active x Gi 1/11

***After disconnectiong the end-user device, the GigabitEthernet 1/11

port is re-assigned to VLAN 300.

radius-server host 10.11.197.16

auth-port 1645

key 7 387a7f2df5969da4

1/11

Force10(conf-if-gi-1/11)#show config

interface GigabitEthernet 1/11

no ip address

switchport

dot1x authentication

no shutdown

**After authentication***

orce10#show dot1x interface gigabitethernet 1/11

02.1x information on Gi 1/11:

----------------------------

ot1x Status: Enable

ort Control: AUTO

ort Auth Status: AUTHORIZED

e-Authentication: Disable

ntagged VLAN id: 400

x Period: 30 seconds

uiet Period: 60 seconds

eAuth Max: 2

upplicant Timeout: 30 seconds

erver Timeout: 30 seconds

e-Auth Interval: 3600 seconds

ax-EAP-Req: 2

uth Type: SINGLE_HOST

uth PAE State: Authenticated

ackend State: Idle

RADIUS Server

End-user Device

Force10 switch

Force10(conf-if-vl-300)#show confi

interface Vlan 300

no ip address

untagged GigabitEthernet 1/11

shutdown

previous next

Top Automotive Device Types

Top Automotive Brands

Top Baby Care Device Types

Top Baby Care Brands

Top Car Audio & Video Device Types

Top Car Audio & Video Brands

Top Cellphone Device Types

Top Cellphone Brands

Top Communications Device Types

Top Communications Brands

Top Computer Device Types

Top Computer Brands

Top Fitness Device Types

Top Fitness Brands

Top Home Audio Device Types

Top Home Audio Brands

Top Household Appliance Device Types

Top Household Appliance Brands

Top Kitchen Appliance Device Types

Top Kitchen Appliance Brands

Top Laundry Appliance Device Types

Top Laundry Appliance Brands

Top Lawn & Garden Device Types

Top Lawn & Garden Brands

Top Marine Equipment Device Types

Top Marine Equipment Brands

Top Musical Instrument Device Types

Top Musical Instrument Brands

Top Outdoor Cooking Device Types

Top Outdoor Cooking Brands

Top Personal Care Device Types

Top Personal Care Brands

Top Photography Device Types

Top Photography Brands

Top Portable Media Device Types

Top Portable Media Brands

Top Power Tools Device Types

Top Power Tools Brands

Top TV and Video Device Types

Top TV and Video Brands

Top Videogame Device Types

Top Videogame Brands

Dell S50V Switch User Manual