EasyManua.ls Logo

Dell PowerConnect B-RX - Page 1020

Dell PowerConnect B-RX
1458 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
944 BigIron RX Series Configuration Guide
53-1002253-01
Example configurations
31
FIGURE 122 Using multi-device port authentication and 802.1X authentication on the same port
When the devices attempt to connect to the network, they are first subject to multi-device port
authentication.
When the MAC address of the IP phone is authenticated, the Access-Accept message from the
RADIUS server specifies that the IP phone port be placed into the VLAN named “IP-Phone-VLAN”.
which is VLAN 7. The Foundry-802_1x-enable attribute is set to 0, meaning that 802.1X
authentication is skipped for this MAC address. Port e 1/3 is placed in VLAN 7 as a tagged port.
No further authentication is performed.
When the PC MAC address is authenticated, the Access-Accept message from the RADIUS server
specifies that the PVID for the PC port be changed to the VLAN named “Login-VLAN”, which is VLAN
1024. The Foundry-802_1x-enable attribute is set to 1, meaning that 802.1X authentication is
required for this MAC address. The PVID of the port e 1/3 is temporarily changed to VLAN 1024,
pending 802.1X authentication.
When User 1 attempts to connect to the network from the PC, he is subject to 802.1X
authentication. If User 1 is successfully authenticated, the Access-Accept message from the
RADIUS server specifies that the PVID for User 1 port be changed to the VLAN named “User-VLAN”,
which is VLAN 3. If 802.1X authentication for User 1 is unsuccessful, the PVID for port e 1/3 is
changed to that of the restricted VLAN, which is 1023, or untagged traffic from port e 1/3 can be
blocked in hardware.
The part of the running-config related to port e 1/3 would be as follows.
interface ethernet 1/3
dot1x port-control auto
mac-authentication enable
Hub
User 0002.3f7f.2e0a (PC) Profile:
Foundry-y-802_1x-enable = 1
Tunnel-Private-Group-ID: = U:Login-VLAN
User 1 Profile:
Tunnel-Private-Group-ID: = U:IP-User-VLAN
BigIron Switch
Port e1/3
Dual Mode
Hub
Untagged
Tagged
RADIUS Server
PC
MAC: 0002.3f7f.2e0a
User 1
IP Phone
MAC: 0050.048e.86ac
User 0050.048e.86ac (IP Phone) Profile:
Foundry-802_1x-enable = 0
Tunnel-Private-Group-ID = T:IP-Phone-VLA
N

Table of Contents

Other manuals for Dell PowerConnect B-RX

Preview: Getting Started Guide
Getting Started Guide32 pages

Related product manuals