
Dell Force10 C150 - Dynamic VLAN Assignment with Port Authentication

Dynamic VLAN Assignment with Port Authentication
Dynamic VLAN Assignment with Port Authentication is supported on platforms: c s et

FTOS supports dynamic VLAN assignment when using 802.1X. During 802.1X authentication, the existing VLAN configuration of a port assigned to a non-default VLAN is overwritten and the port is assigned to a specified VLAN.

If 802.1X authentication is disabled on the port, the port is re-assigned to the previously-configured VLAN.

If 802.1X authentication fails and the authentication-fail VLAN is enabled for the port (see Configuring an Authentication-Fail VLAN on page 122), the port is assigned to the authentication-fail VLAN.

The dynamic VLAN assignment is based on RADIUS attribute 81, Tunnel-Private-Group-ID, and uses the following standard dot1x procedure:
1. The host sends a dot1x packet to the Dell Force10 system.
2. The system forwards a RADIUS REQUEST packet containing the host MAC address and ingress port number.
3. The RADIUS server authenticates the request and returns a RADIUS ACCEPT message with the VLAN assignment using Tunnel-Private-Group-ID.

The dynamic VLAN assignment from the RADIUS server always overrides the configuration on the switch for the given port. This applies to ports already configured with a non-default VLAN.
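
Because the RADIUS reply decides which VLAN the port lands in, it helps to confirm what the server actually returns. The following is an added example, not taken from the Dell manual or FTOS: a Python parser that pulls Tunnel-Private-Group-ID (attribute 81) out of an Access-Accept. Assumptions: the helper names, the constructed VLAN value "400", the zero tag octet, and the Tunnel-Type/Tunnel-Medium-Type values (RFC 3580) are illustrative, and the Response Authenticator is not verified.

```python
import struct

ACCESS_ACCEPT = 2                 # RADIUS code, RFC 2865
TUNNEL_PRIVATE_GROUP_ID = 81      # attribute named on this page, RFC 2868

def parse_attributes(packet: bytes):
    """Return (code, [(type, value), ...]) for one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs.append((a_type, packet[pos + 2:pos + a_len]))
        pos += a_len
    return code, attrs

def assigned_vlan(packet: bytes):
    """VLAN string from Tunnel-Private-Group-ID in an Access-Accept, else None."""
    code, attrs = parse_attributes(packet)
    if code != ACCESS_ACCEPT:
        return None
    for a_type, value in attrs:
        if a_type == TUNNEL_PRIVATE_GROUP_ID and value:
            # A first octet of 0x00-0x1F is a tag; above that it is already data.
            text = value[1:] if value[0] <= 0x1F else value
            return text.decode("ascii", "replace")
    return None

def attr(a_type: int, value: bytes) -> bytes:
    return bytes([a_type, len(value) + 2]) + value

def build(code: int, *attrs: bytes) -> bytes:
    body = b"".join(attrs)
    # Identifier 1 and an all-zero authenticator: constructed, not a real capture.
    return struct.pack("!BBH", code, 1, 20 + len(body)) + bytes(16) + body

# Constructed sample: Tunnel-Type=VLAN (13), Tunnel-Medium-Type=802 (6), VLAN "400".
SAMPLE_ACCEPT = build(ACCESS_ACCEPT,
                      attr(64, b"\x00\x00\x00\x0d"),
                      attr(65, b"\x00\x00\x00\x06"),
                      attr(81, b"\x00400"))

if __name__ == "__main__":
    print("assigned VLAN:", assigned_vlan(SAMPLE_ACCEPT))
```
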

Note: For the C-Series, S-Series, and E-Series TeraScale platforms, the dynamic VLAN assignment fails if a port is assigned to a non-default VLAN and if the non-default VLAN assignment was configured on an FTOS version earlier than 8.4.2.3.

To configure dynamic VLAN assignment with 802.1x port authentication:

1. Configure 802.1x globally and at interface level (see Enabling 802.1X on page 112) along with relevant RADIUS server configurations.
2. Make the interface a switchport so that it can be assigned to a VLAN.
3. Create the VLAN to which the interface will be assigned.
4. Connect the supplicant to the port configured for 802.1X.
5. Verify that the port has been authorized and placed in the desired VLAN by entering the show dot1x interface and show vlan commands (red text in Figure 7-11).
