Manualshelf

CLI Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch Z9100-ON
1471147214731474147514761477147814791480
Version Description
9.8(1.0) Introduced on the Z9100-ON.
9.8(0.0P5) Introduced on the S4048-ON.
9.8(0.0P2) Introduced on the S3048-ON.
9.7(0.0) Introduced on the S6000–ON.
9.4.(0.0) Introduced on the S-Series and Z-Series.
Usage Information
You can use this command to associate a group of TACACS servers with a VRF and
source interface. You can configure the source interface only with the VRF
attribute and source interface is optional with the VRF attributes.
If VRF is not configured on the TACACS group, then the group is considered to be
on the default VRF.
RADIUS groups and VRFs have one-to-one mapping. If a VRF is configured with
one RADIUS group, then you cannot use the same VRF with another RADIUS
group. When the VRF is removed, then the corresponding RADIUS group is also
removed automatically.
Example
Port Authentication (802.1X) Commands
An authentication server must authenticate a client connected to an 802.1X switch port. Until the
authentication, only Extensible Authentication Protocol over LAN (EAPOL) traffic is allowed through the
port to which a client is connected. After authentication is successful, normal traffic passes through the
port.
Dell Networking OS supports RADIUS and Active Directory environments using 802.1X Port
Authentication.
Important Points to Remember
Dell Networking OS limits network access for certain users by using VLAN assignments. 802.1X with VLAN
assignment has these characteristics when configured on the switch and the RADIUS server.
802.1X is supported on Dell Networking OS.
802.1X is not supported on the LAG or the channel members of a LAG.
If no VLAN is supplied by the RADIUS server or if 802.1X authorization is disabled, the port is
configured in its access VLAN after successful authentication.
If 802.1X authorization is enabled but the VLAN information from the RADIUS server is not valid, the
port returns to the Unauthorized state and remains in the configured access VLAN. This prevents ports
from appearing unexpectedly in an inappropriate VLAN due to a configuration error. Configuration
errors create an entry in Syslog.
If 802.1X authorization is enabled and all information from the RADIUS server is valid, the port is
placed in the specified VLAN after authentication.
Security
1473