Reference Guide

ManualsBrandsDell ManualsserversDell Force10 S55T

100

94 | 802.1X

www.dell.com | support.dell.com

Figure 6-11. Dynamic VLAN Assignment with 802.1X

Guest and Authentication-fail VLANs

Typically, the authenticator (Dell Networking system) denies the supplicant access to the network until the

supplicant is authenticated. If the supplicant is authenticated, the authenticator enables the port and places

it in either the VLAN for which the port is configured, or the VLAN that the authentication server indicates

in the authentication data.

Note: Ports cannot be dynamically assigned to the default VLAN.

fnC0065mp

Force10(conf-if-vl-400)# show config

interface Vlan 400

no ip address

shutdown

Force10#show vlan

Codes: * - Default VLAN, G - GVRP VLANs

Q: U - Untagged, T - Tagged

x - Dot1x untagged, X - Dot1x tagged

G - GVRP tagged

NUM Status Description Q Ports

* 1 Inactive U Gi 1/10

400 Inactive

Force10#show vlan

Codes: * - Default VLAN, G - GVRP VLANs

Q: U - Untagged, T - Tagged

x - Dot1x untagged, X - Dot1x tagged

G - GVRP tagged

NUM Status Description Q Ports

* 1 Inactive

400 Active U Gi 1/10

radius-server host 10.11.197.169 auth-port 1645

key 7 387a7f2df5969da4

1/10

Force10(conf-if-gi-1/10)#show config

interface GigabitEthernet 1/10

no ip address

switchport

dot1x authentication

no shutdow

Force10#show dot1x interface gigabitethernet 1/10

802.1x information on Gi 1/10:

-----------------------------

Dot1x Status: Enable

Port Control: AUTO

Port Auth Status: AUTHORIZED

Re-Authentication: Disable

Untagged VLAN id: 400

Tx Period: 30 seconds

Quiet Period: 60 seconds

ReAuth Max: 2

Supplicant Timeout: 30 seconds

Server Timeout: 30 seconds

Re-Auth Interval: 3600 seconds

Max-EAP-Req: 2

Auth Type: SINGLE_HOST

Auth PAE State: Authenticated

Backend State: Idle

RADIUS Server

End-user Device

Force10 switch