Reference Guide
96 | 802.1X
www.dell.com | support.dell.com
The illustration below shows the configuration on the Dell Force10 system before connecting the end-user
device in black and blue text, and after connecting the device in red text. The blue text corresponds to the
preceding numbered steps on dynamic VLAN assignment with 802.1X.
Guest and Authentication-fail VLANs
Typically, the authenticator (Dell Force10 system) denies the supplicant access to the network until the
supplicant is authenticated. If the supplicant is authenticated, the authenticator enables the port and places
it in either the VLAN for which the port is configured, or the VLAN that the authentication server indicates
in the authentication data.
If the supplicant fails authentication, the authenticator typically does not enable the port. In some cases this
behavior is not appropriate. External users of an enterprise network, for example, might not be able to be
authenticated, but still need access to the network. Also, some dumb-terminals such as network printers do
not have 802.1X capability and therefore cannot authenticate themselves. To be able to connect such
devices, they must be allowed access the network without compromising network security.
The Guest VLAN 802.1X extension addresses this limitation with regard to non-802.1X capable devices,
and the Authentication-fail VLAN 802.1X extension addresses this limitation with regard to external users.
Note: Ports cannot be dynamically assigned to the default VLAN.