Enabling 802.1X Port Security - Dell PowerConnect B-FCXs Configuration Manual
Powerconnect b-series fcx
Hide thumbs
Also See for PowerConnect B-FCXs:
- Hardware installation manual (86 pages) ,
- User manual (152 pages) ,
- Getting started manual (260 pages)
Table of Contents
Advertisement
•
•
•
Configuring per-user IP ACLs or MAC address filters
Per-user IP ACLs and MAC address filters make use of the Vendor-Specific (type 26) attribute to
dynamically apply filters to ports. Defined in the Vendor-Specific attribute are Dell ACL or MAC
address filter statements. When the RADIUS server returns the Access-Accept message granting a
client access to the network, the Dell PowerConnect device reads the statements in the
Vendor-Specific attribute and applies these IP ACLs or MAC address filters to the client port. When
the client disconnects from the network, the dynamically applied filters are no longer applied to the
port. If any filters had been applied to the port previous to the client connecting, then those filters
are reapplied to the port.
NOTE
Dynamic IP ACL filters and MAC address filters are not supported on the same port at the same time.
The following table shows the syntax for configuring the Dell Vendor-Specific attributes with ACL or
MAC address filter statements.
Value
ipACL.e.in=<extended-ACL-entries>
macfilter.in=<mac-filter-entries>
The following table shows examples of IP ACLs and MAC address filters configured in the Dell
Vendor-Specific attribute on a RADIUS server. These IP ACLs and MAC address filters follow the
same syntax as other Dell ACLs and MAC address filters. Refer to the related chapters in this book
for information on syntax.
ACL or MAC address filter
MAC address filter with one entry
MAC address filter with two entries
The RADIUS server allows one instance of the Vendor-Specific attribute to be sent in an
Access-Accept message.
Enabling 802.1X port security
By default, 802.1X port security is disabled on Dell PowerConnect devices. To enable the feature
on the device and enter the dot1x configuration level, enter the following command.
PowerConnect(config)#dot1x-enable
PowerConnect(config-dot1x)#
PowerConnect B-Series FCX Configuration Guide
53-1002266-01
Dynamic ACL filters are supported only for the inbound direction. Dynamic outbound ACL
filters are not supported.
MAC address filters are supported only for the inbound direction. Outbound MAC address
filters are not supported.
Dynamically assigned IP ACLs and MAC address filters are subject to the same configuration
restrictions as non-dynamically assigned IP ACLs and MAC address filters.
Configuring 802.1X port security
Description
Applies the specified extended ACL entries to the 802.1X
authenticated port in the inbound direction.
Applies the specified MAC address filter entries to the 802.1X
authenticated port in the inbound direction.
Vendor-specific attribute on RADIUS server
macfilter.in= deny any any
macfilter.in= permit 0000.0000.3333 ffff.ffff.0000 any,
macfilter.in= permit 0000.0000.4444 ffff.ffff.0000 any
34
1237
Advertisement
Table of Contents
Troubleshooting
