Users Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S3048-ON

1401

Command History

This guide is platform-specic. For command information about other platforms, see the relevant Dell Networking

OS Command Line Reference Guide.

Version Description

9.8(1.0) Introduced on the Z9100-ON.

9.8(0.0P5) Introduced on the S4048-ON.

9.8(0.0P2) Introduced on the S3048-ON.

9.7(0.0) Introduced on the S6000–ON.

9.4.(0.0) Introduced on the S-Series and Z-Series.

Usage Information

You can use this command to associate a group of TACACS servers with a VRF and source interface. You can

congure the source interface only with the VRF attribute and source interface is optional with the VRF attributes.

If VRF is not congured on the TACACS group, then the group is considered to be on the default VRF.

RADIUS groups and VRFs have one-to-one mapping. If a VRF is congured with one RADIUS group, then you

cannot use the same VRF with another RADIUS group. When the VRF is removed, then the corresponding

RADIUS group is also removed automatically.

Example

Dell(conf)# tacacs-server group group1

Dell(conf-tacacs-group)# tacacs-server vrf vrf1 source-interface

gigabitethernet 1/36

Dell(conf)# tacacs-server group group2

Dell(conf-tacacs-group)# tacacs-server vrf default

Port Authentication (802.1X) Commands

An authentication server must authenticate a client connected to an 802.1X switch port. Until the authentication, only Extensible

Authentication Protocol over LAN (EAPOL) trac is allowed through the port to which a client is connected. After authentication is

successful, normal trac passes through the port.

Dell Networking OS supports RADIUS and Active Directory environments using 802.1X Port Authentication.

Important Points to Remember

Dell Networking OS limits network access for certain users by using VLAN assignments. 802.1X with VLAN assignment has these

characteristics when congured on the switch and the RADIUS server.

• 802.1X is supported on Dell Networking OS.

• 802.1X is not supported on the LAG or the channel members of a LAG.

• If no VLAN is supplied by the RADIUS server or if 802.1X authorization is disabled, the port is congured in its access VLAN after

successful authentication.

• If 802.1X authorization is enabled but the VLAN information from the RADIUS server is not valid, the port returns to the Unauthorized

state and remains in the congured access VLAN. This prevents ports from appearing unexpectedly in an inappropriate VLAN due to a

conguration error. Conguration errors create an entry in Syslog.

• If 802.1X authorization is enabled and all information from the RADIUS server is valid, the port is placed in the specied VLAN after

authentication.

• If port security is enabled on an 802.1X port with VLAN assignment, the port is placed in the RADIUS server assigned VLAN.

Security

1405