Reference Guide
802.1X | 93
Figure 6-11. Dynamic VLAN Assignment with 802.1X
Guest and Authentication-fail VLANs
Typically, the authenticator (Force10 system) denies the supplicant access to the network until the
supplicant is authenticated. If the supplicant is authenticated, the authenticator enables the port and places
it in either the VLAN for which the port is configured, or the VLAN that the authentication server indicates
in the authentication data.
Note: Ports cannot be dynamically assigned to the default VLAN.
fnC0065mp
Force10(conf-if-vl-400)# show config
interface Vlan 400
no ip address
shutdown
Force10#show vlan
Codes: * - Default VLAN, G - GVRP VLANs
Q: U - Untagged, T - Tagged
x - Dot1x untagged, X - Dot1x tagged
G - GVRP tagged
NUM Status Description Q Ports
* 1 Inactive U Gi 1/10
400 Inactive
Force10#show vlan
Codes: * - Default VLAN, G - GVRP VLANs
Q: U - Untagged, T - Tagged
x - Dot1x untagged, X - Dot1x tagged
G - GVRP tagged
NUM Status Description Q Ports
* 1 Inactive
400 Active U Gi 1/10
radius-server host 10.11.197.169 auth-port 1645
key 7 387a7f2df5969da4
1/10
Force10(conf-if-gi-1/10)#show config
interface GigabitEthernet 1/10
no ip address
switchport
dot1x authentication
no shutdow
F
orce10#show dot1x interface gigabitethernet 1/10
8
02.1x information on Gi 1/10:
-
----------------------------
D
ot1x Status: Enable
P
ort Control: AUTO
P
ort Auth Status: AUTHORIZED
R
e-Authentication: Disable
U
ntagged VLAN id: 400
T
x Period: 30 seconds
Q
uiet Period: 60 seconds
R
eAuth Max: 2
S
upplicant Timeout: 30 seconds
S
erver Timeout: 30 seconds
R
e-Auth Interval: 3600 seconds
M
ax-EAP-Req: 2
A
uth Type: SINGLE_HOST
A
uth PAE State: Authenticated
B
ackend State: Idle
RADIUS Server
End-user Device
Force10 switch
1
2
1
3
4