Reference Guide
120 | 802.1X
www.dell.com | support.dell.com
Figure 7-11 shows the configuration on a Dell Networking switch that uses dynamic VLAN assignment
with 802.1X before you connect the end-user device (black and blue text), and after you connect the device
(red text).
The blue text corresponds to the numbered steps on page 119. Note that the GigabitEthernet 1/11 port, on
which dynamic VLAN assignment with 802.1X is configured, is initially an untagged member of VLAN
300. After a successful 802.1X authentication with dynamic VLAN configuration, the port becomes an
untagged member of VLAN 400 (assigned by the RADIUS server during authentication).
Figure 7-11. Dynamic VLAN Assignment with 802.1X
Note: In the show vlan command output, if the statically-configured VLAN and the 802.1X
dynamically-assigned VLAN are the same, the 802.1X-authorized port is displayed with U for Untagged.
If the two VLANs are not the same, the 802.1X-authorized port is displayed with x for Dot1x untagged.
Force10(conf-if-vl-400)# show config
interface Vlan 400
 no ip address
 shutdown

Force10#show vlan
Codes: * - Default VLAN, G - GVRP VLANs
Q: U - Untagged, T - Tagged
   x - Dot1x untagged, X - Dot1x tagged
   G - GVRP tagged
    NUM    Status    Description     Q Ports
*   1      Inactive
    300    Inactive                  U Gi 1/11
    400    Inactive
***After authentication***
Force10#show vlan
Codes: * - Default VLAN, G - GVRP VLANs
Q: U - Untagged, T - Tagged
   x - Dot1x untagged, X - Dot1x tagged
   G - GVRP tagged
    NUM    Status    Description     Q Ports
*   1      Inactive
    300    Inactive
    400    Active                    x Gi 1/11
***After disconnecting the end-user device, the GigabitEthernet 1/11
port is re-assigned to VLAN 300.***
radius-server host 10.11.197.169 auth-port 1645 key 7 387a7f2df5969da4

Force10(conf-if-gi-1/11)#show config
interface GigabitEthernet 1/11
 no ip address
 switchport
 dot1x authentication
 no shutdown
***After authentication***
Force10#show dot1x interface gigabitethernet 1/11
802.1x information on Gi 1/11:
-----------------------------
Dot1x Status: Enable
Port Control: AUTO
Port Auth Status: AUTHORIZED
Re-Authentication: Disable
Untagged VLAN id: 400
Tx Period: 30 seconds
Quiet Period: 60 seconds
ReAuth Max: 2
Supplicant Timeout: 30 seconds
Server Timeout: 30 seconds
Re-Auth Interval: 3600 seconds
Max-EAP-Req: 2
Auth Type: SINGLE_HOST
Auth PAE State: Authenticated
Backend State: Idle
[Figure 7-11 diagram labels: RADIUS Server, End-user Device, Force10 switch]
Force10(conf-if-vl-300)#show config
interface Vlan 300
no ip address
untagged GigabitEthernet 1/11
shutdown
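
The note above distinguishes statically configured membership (U) from 802.1X-assigned membership (x or X) in show vlan output. The following added example, which is not part of the original guide, parses that output and flags ports that 802.1X placed in a VLAN outside an expected set. The function names and the `allowed` mapping are hypothetical, the sample is transcribed from the after-authentication output in Figure 7-11, and the parser assumes one interface per Q code entry.

```python
import re

# Constructed sample: the "after authentication" show vlan output in Figure 7-11.
SAMPLE = """\
Force10#show vlan
Codes: * - Default VLAN, G - GVRP VLANs
Q: U - Untagged, T - Tagged
   x - Dot1x untagged, X - Dot1x tagged
   G - GVRP tagged
    NUM    Status    Description     Q Ports
*   1      Inactive
    300    Inactive
    400    Active                    x Gi 1/11
"""

# VLAN row: optional '*', VLAN id, status, then an optional "Q Ports" tail.
ROW = re.compile(r"^\s*\*?\s*(\d+)\s+(Active|Inactive)\b(.*)$")
# Membership tail: one Q code followed by an interface such as "Gi 1/11".
MEMBER = re.compile(r"(?:^|\s)([UTxXG])\s+([A-Za-z]+\s+\d\S*)\s*$")

def parse_show_vlan(text):
    """Return a list of (vlan_id, q_code, port) membership tuples."""
    members, vlan, in_table = [], None, False
    for line in text.splitlines():
        if line.split()[:2] == ["NUM", "Status"]:
            in_table = True          # legend lines above the header are skipped
            continue
        if not in_table:
            continue
        row = ROW.match(line)
        if row:
            vlan = int(row.group(1))
        # A line without a VLAN id is treated as a continuation of the last VLAN.
        tail = row.group(3) if row else line
        m = MEMBER.search(tail)
        if m and vlan is not None:
            members.append((vlan, m.group(1), m.group(2)))
    return members

def dot1x_assigned(text):
    """Ports whose VLAN was set by 802.1X rather than static config (x or X)."""
    return {port: vlan for vlan, q, port in parse_show_vlan(text) if q in "xX"}

def unexpected_assignments(text, allowed):
    """Ports that 802.1X placed in a VLAN outside the allowed set for that port.
    `allowed` is a hypothetical mapping such as {"Gi 1/11": {400}}."""
    return {p: v for p, v in dot1x_assigned(text).items()
            if v not in allowed.get(p, set())}
```

Run against output collected after authentication, an empty result from `unexpected_assignments` means every 802.1X-placed port landed in a VLAN the RADIUS policy is expected to hand out.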