Configuring Dynamic Vlan Assignment For 802.1X Ports - Dell PowerConnect B-FCXs Configuration Manual

Configuring 802.1X port security
The <seconds> parameter specifies the number of seconds the device will wait to re-authenticate
a user after a timeout. The minimum value is 10 seconds. The maximum value is 2^16 - 1 (maximum
unsigned 16-bit value).
Deny user access to the network after a RADIUS timeout
To set the RADIUS timeout behavior to bypass 802.1X authentication and block user access to the
network, enter commands such as the following:
PowerConnect(config)#interface ethernet 3/1
PowerConnect(config-if-e100-3/1)#dot1x auth-timeout-action failure
Syntax: [no] dot1x auth-timeout-action failure
Once the failure timeout action is enabled, use the no form of the command to reset the RADIUS
timeout behavior to retry.
NOTE
If restrict-vlan is configured along with auth-timeout-action failure, the user will be placed into a
VLAN with restricted or limited access. Refer to "Allow user access to a restricted VLAN after a
RADIUS timeout" on page 1230.
Allow user access to a restricted VLAN after a RADIUS timeout
To set the RADIUS timeout behavior to bypass 802.1X authentication and place the user in a VLAN
with restricted or limited access, enter commands such as the following:
PowerConnect(config)#interface ethernet 3/1
PowerConnect(config-if-e100-3/1)#dot1x auth-fail-action restrict-vlan 100
PowerConnect(config-if-e100-3/1)#dot1x auth-timeout-action failure
Syntax: [no] dot1x auth-fail-action restrict-vlan [<vlan-id>]
Syntax: [no] dot1x auth-timeout-action failure

Configuring dynamic VLAN assignment for 802.1X ports

When a client successfully completes the EAP authentication process, the Authentication Server
(the RADIUS server) sends the Authenticator (the Dell PowerConnect device) a RADIUS
Access-Accept message that grants the client access to the network. The RADIUS Access-Accept
message contains attributes set for the user in the user's access profile on the RADIUS server.
If one of the attributes in the Access-Accept message specifies a VLAN identifier, and if this VLAN is
available on the Dell PowerConnect device, the client port is moved from its default VLAN to this
specified VLAN.
NOTE
This feature is supported on port-based VLANs only. This feature cannot be used to place an
802.1X-enabled port into a Layer 3 protocol VLAN.
Automatic removal of dynamic VLAN assignments for 802.1X ports
For increased security, this feature removes any association between a port and a
dynamically-assigned VLAN when all 802.1X sessions for that VLAN have expired on the port.
PowerConnect B-Series FCX Configuration Guide
53-1002266-01