Dynamic Vlan Assignment With Port Authentication - Dell Force10 S4810P Configuration Manual

High-density, 1ru 48-port 10gbe switch

Hide thumbs Also See for Force10 S4810P:

Table of Contents

Dynamic VLAN Assignment with Port Authentication

FTOS supports dynamic VLAN assignment when using 802.1X. The basis for VLAN assignment is

RADIUS attribute 81, Tunnel-Private-Group-ID. Dynamic VLAN assignment uses the standard dot1x

procedure: 1) the host sends a dot1x packet to the Dell Force10system, 2) the system forwards a RADIUS

REQEST packet containing the host MAC address and ingress port number, and 3) the RADIUS server

authenticates the request and returns a RADIUS ACCEPT message with the VLAN assignment using

Tunnel-Private-Group-ID.

Configure 8021.x globally (refer to

the illustration in

Make the interface a switchport so that it can be assigned to a VLAN.

Create the VLAN to which the interface will be assigned.

Connect the supplicant to the port configured for 802.1X.

Verify that the port has been authorized and placed in the desired VLAN (refer to the illustration in

VLAN Assignment with Port

The illustration below shows the configuration on the Dell Force10 system before connecting the end-user

device in black and blue text, and after connecting the device in red text. The blue text corresponds to the

preceding numbered steps on dynamic VLAN assignment with 802.1X.

Dynamic VLAN Assignment with Port

Authentication).

802.1X) along with relevant RADIUS server configurations (refer to

Authentication).