Dynamic VLAN Assignment with Port Authentication
FTOS supports dynamic VLAN assignment when using 802.1X. The basis for VLAN assignment is
RADIUS attribute 81, Tunnel-Private-Group-ID. Dynamic VLAN assignment uses the standard dot1x
procedure: 1) the host sends a dot1x packet to the Dell Force10system, 2) the system forwards a RADIUS
REQEST packet containing the host MAC address and ingress port number, and 3) the RADIUS server
authenticates the request and returns a RADIUS ACCEPT message with the VLAN assignment using
Tunnel-Private-Group-ID.
Step
Task
1
Configure 8021.x globally (refer to
the illustration in
2
Make the interface a switchport so that it can be assigned to a VLAN.
3
Create the VLAN to which the interface will be assigned.
4
Connect the supplicant to the port configured for 802.1X.
5
Verify that the port has been authorized and placed in the desired VLAN (refer to the illustration in
VLAN Assignment with Port
The illustration below shows the configuration on the Dell Force10 system before connecting the end-user
device in black and blue text, and after connecting the device in red text. The blue text corresponds to the
preceding numbered steps on dynamic VLAN assignment with 802.1X.
98
|
802.1X
Enabling
Dynamic VLAN Assignment with Port
Authentication).
802.1X) along with relevant RADIUS server configurations (refer to
Authentication).
Dynamic