Dynamic Vlan Assignment With Port Authentication - Dell Force10 C150 Configuration Manual

FTOS Configuration Guide, FTOS 8.4.2.7: E-Series TeraScale, C-Series, S-Series (S50/S25)

Dynamic VLAN Assignment with Port Authentication

Dynamic VLAN Assignment with Port Authentication is supported on platforms: c s e

FTOS supports dynamic VLAN assignment when using 802.1X. During 802.1x authentication, the
existing VLAN configuration of a port assigned to a non-default VLAN is overwritten and the port is
assigned to a specified VLAN.

If 802.1x authentication is disabled on the port, the port is re-assigned to the previously-configured
VLAN.

If 802.1x authentication fails and if the authentication-fail VLAN is enabled for the port (see
Configuring an Authentication-Fail VLAN on page 122), the port is assigned to the authentication-fail
VLAN.

The dynamic VLAN assignment is based on RADIUS attribute 81, Tunnel-Private-Group-ID, and uses the
following standard dot1x procedure:
1. The host sends a dot1x packet to the Dell Force10 system.
2. The system forwards a RADIUS REQUEST packet containing the host MAC address and ingress port
number.
3. The RADIUS server authenticates the request and returns a RADIUS ACCEPT message with the
VLAN assignment using Tunnel-Private-Group-ID.

The dynamic VLAN assignment from the RADIUS server always overrides the configuration on the
switch for the given port. This applies to ports already configured with a non-default VLAN.

Note: For the C-Series, S-Series, and E-Series TeraScale platforms, the dynamic VLAN assignment fails
if a port is assigned to a non-default VLAN and if the non-default VLAN assignment was configured on an
FTOS version earlier than 8.4.2.3.

To configure dynamic VLAN assignment with 802.1x port authentication:

Step  Task
1     Configure 802.1x globally and at interface level (see Enabling 802.1X on page 112) along with
      relevant RADIUS server configurations.
2     Make the interface a switchport so that it can be assigned to a VLAN.
3     Create the VLAN to which the interface will be assigned.
4     Connect the supplicant to the port configured for 802.1X.
5     Verify that the port has been authorized and placed in the desired VLAN by entering the
      show vlan and show dot1x interface commands (red text in Figure 7-11).
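Because the VLAN in the RADIUS ACCEPT overrides the port's configured VLAN, it is useful to check what a server actually returns in attribute 81. The Python below is an added example, not part of the Dell manual: it decodes Tunnel-Private-Group-ID from an Access-Accept and compares it with an allow-list. The function names, the sample packet builder and the VLAN IDs are constructed for illustration, and the optional leading tag octet is handled as defined in RFC 2868.

```python
import struct

ACCESS_ACCEPT = 2               # RADIUS packet code (RFC 2865)
TUNNEL_PRIVATE_GROUP_ID = 81    # attribute named in the procedure above

def parse_attributes(packet: bytes):
    """Return (code, [(type, value_bytes), ...]) for a RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad length field")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs.append((a_type, packet[pos + 2:pos + a_len]))
        pos += a_len
    return code, attrs

def assigned_vlan(packet: bytes):
    """VLAN string carried in attribute 81 of an Access-Accept, else None."""
    code, attrs = parse_attributes(packet)
    if code != ACCESS_ACCEPT:
        return None
    for a_type, value in attrs:
        if a_type == TUNNEL_PRIVATE_GROUP_ID and value:
            # RFC 2868: a first octet of 0x01-0x1F is a tag, not string data.
            if 0x01 <= value[0] <= 0x1F:
                value = value[1:]
            return value.decode("ascii")
    return None

def build_accept(vlan: str, tag: int = 0) -> bytes:
    """Constructed sample Access-Accept; authenticator is zero-filled, not valid."""
    body = (bytes([tag]) if tag else b"") + vlan.encode("ascii")
    attr = bytes([TUNNEL_PRIVATE_GROUP_ID, 2 + len(body)]) + body
    return struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(attr)) + bytes(16) + attr

def audit(packet: bytes, allowed_vlans: set) -> str:
    """Classify the VLAN assignment in a packet against an allow-list."""
    vlan = assigned_vlan(packet)
    if vlan is None:
        return "no-assignment"   # not an Access-Accept, or no attribute 81
    return "ok" if vlan in allowed_vlans else "unexpected-vlan:" + vlan
```

The result of `audit` can be compared with the VLAN that `show vlan` and `show dot1x interface` report for the port after authorization.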
