Reference Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S5000

111

112

113

114

115

116

117

118

119

120

802.1X | 111

Figure 6-11. Dynamic VLAN Assignment with 802.1X

Guest and Authentication-fail VLANs

Typically, the authenticator (Dell Networking system) denies the supplicant access to the network until the

supplicant is authenticated. If the supplicant is authenticated, the authenticator enables the port and places

it in either the VLAN for which the port is configured, or the VLAN that the authentication server indicates

in the authentication data.

Note: Ports cannot be dynamically assigned to the default VLAN.

fnC0065mp

FTOS(conf-if-vl-400)# show config

interface Vlan 400

no ip address

shutdown

FTOS#show vlan

Codes: * - Default VLAN, G - GVRP VLANs

Q: U - Untagged, T - Tagged

x - Dot1x untagged, X - Dot1x tagged

G - GVRP tagged

NUM Status Description Q Ports

* 1 Inactive U Te 1/10

400 Inactive

FTOS#show vlan

Codes: * - Default VLAN, G - GVRP VLANs

Q: U - Untagged, T - Tagged

x - Dot1x untagged, X - Dot1x tagged

G - GVRP tagged

NUM Status Description Q Ports

* 1 Inactive

600 Inactive

400 Active x Te 1/10

radius-server host 10.11.197.169 auth-port 1645

key 7 387a7f2df5969da4

1/10

FTOS(conf-if-Te-1/10)#show config

interface TenGigabitEthernet 1/10

no ip address

switchport

dot1x authentication

no shutdown

FTOS#show dot1x interface TenGigabitEthernet 1/10

802.1x information on Te 1/10:

-----------------------------

Dot1x Status: Enable

Port Control: AUTO

Port Auth Status: AUTHORIZED

Re-Authentication: Disable

Untagged VLAN id: 400

x Period: 30 seconds

Quiet Period: 60 seconds

ReAuth Max: 2

Supplicant Timeout: 30 seconds

Server Timeout: 30 seconds

Re-Auth Interval: 3600 seconds

Max-EAP-Req: 2

Auth Type: SINGLE_HOST

Auth PAE State: Authenticated

Backend State: Idle

RADIUS Server

End-user Device

Switch