Reference Guide
802.1X | 95
Backend State: Initialize
Dynamic VLAN Assignment with Port Authentication
FTOS supports dynamic VLAN assignment when using 802.1X. The basis for VLAN assignment is
RADIUS attribute 81, Tunnel-Private-Group-ID. Dynamic VLAN assignment uses the standard dot1x
procedure: 1) the host sends a dot1x packet to the Dell Force10system, 2) the system forwards a RADIUS
REQEST packet containing the host MAC address and ingress port number, and 3) the RADIUS server
authenticates the request and returns a RADIUS ACCEPT message with the VLAN assignment using
Tunnel-Private-Group-ID.
Step Task
1 Configure 8021.x globally (refer to Enabling 802.1X) along with relevant RADIUS server configurations (refer to
the illustration in Dynamic VLAN Assignment with Port Authentication).
2 Make the interface a switchport so that it can be assigned to a VLAN.
3 Create the VLAN to which the interface will be assigned.
4 Connect the supplicant to the port configured for 802.1X.
5 Verify that the port has been authorized and placed in the desired VLAN (refer to the illustration in Dynamic
VLAN Assignment with Port Authentication).