Reference Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S5000

101

102

103

104

105

106

107

108

109

110

110 | 802.1X

www.dell.com | support.dell.com

Figure 6-10. Configuring a Timeout

Dynamic VLAN Assignment with Port Authentication

Dell Networking OS supports dynamic VLAN assignment when using 802.1X. The basis for VLAN

assignment is RADIUS attribute 81, Tunnel-Private-Group-ID. Dynamic VLAN assignment uses the

standard dot1x procedure: 1) the host sends a dot1x packet to the Dell Networking system, 2) the system

forwards a RADIUS REQEST packet containing the host MAC address and ingress port number, and 3)

the RADIUS server authenticates the request and returns a RADIUS ACCEPT message with the VLAN

assignment using Tunnel-Private-Group-ID.

The illustration below shows the configuration on the Dell Networking system before connecting the

end-user device in black and blue text, and after connecting the device in red text. The blue text

corresponds to the preceding numbered steps on dynamic VLAN assignment with 802.1X.

Step Task

1 Configure 8021.x globally (refer to Enabling 802.1X) along with relevant RADIUS server configurations (refer to

the illustration in Dynamic VLAN Assignment with Port Authentication).

2 Make the interface a switchport so that it can be assigned to a VLAN.

3 Create the VLAN to which the interface will be assigned.

4 Connect the supplicant to the port configured for 802.1X.

5 Verify that the port has been authorized and placed in the desired VLAN (refer to the illustration in Dynamic

VLAN Assignment with Port Authentication).

Dell (conf-if-te-0/0)#dot1x port-control force-authorized

Dell (conf-if-te-0/0)#do show dot1x interface TenGigabitEthernet 0/0

802.1x information on Te 0/0:

-----------------------------

Dot1x Status: Enable

Port Control: FORCE_AUTHORIZED

Port Auth Status: UNAUTHORIZED

Re-Authentication: Disable

Untagged VLAN id: None

Guest VLAN: Disable

Guest VLAN id: NONE

Auth-Fail VLAN: Disable

Auth-Fail VLAN id: NONE

Auth-Fail Max-Attempts: NONE

Tx Period: 90 seconds

Quiet Period: 120 seconds

ReAuth Max: 10

Supplicant Timeout: 15 seconds

Server Timeout: 15 seconds

Re-Auth Interval: 7200 seconds

Max-EAP-Req: 10

Auth Type: SINGLE_HOST

Auth PAE State: Initialize

Backend State: Initialize

New Supplicant and Server Timeouts