Support For Source Guard Protection; Security On The Same Port - Dell PowerConnect B-FCXs Configuration Manual


Support for source guard protection

The Dell proprietary Source Guard Protection feature, a form of IP Source Guard, can be used in conjunction with multi-device port authentication. For details, refer to "Enabling source guard protection" on page 1286.

Using multi-device port authentication and 802.1X security on the same port

On some Dell PowerConnect devices, multi-device port authentication and 802.1X security can be configured on the same port, as long as the port is not a trunk port or an LACP port. When both of these features are enabled on the same port, multi-device port authentication is performed prior to 802.1X authentication. If multi-device port authentication is successful, 802.1X authentication may be performed, based on the configuration of a vendor-specific attribute (VSA) in the profile for the MAC address on the RADIUS server.

NOTE
When multi-device port authentication and 802.1X security are configured together on the same port, Dell recommends that dynamic VLANs and dynamic ACLs are done at the multi-device port authentication level, and not at the 802.1X level.

When both features are configured on a port, a device connected to the port is authenticated as follows.

1. Multi-device port authentication is performed on the device to authenticate the device MAC address.
2. If multi-device port authentication is successful for the device, then the device checks whether the RADIUS server included the Foundry-802_1x-enable VSA (described in Table 225) in the Access-Accept message that authenticated the device.
3. If the Foundry-802_1x-enable VSA is not present in the Access-Accept message, or is present and set to 1, then 802.1X authentication is performed for the device.
4. If the Foundry-802_1x-enable VSA is present in the Access-Accept message, and is set to 0, then 802.1X authentication is skipped. The device is authenticated, and any dynamic VLANs specified in the Access-Accept message returned during multi-device port authentication are applied to the port.
5. If 802.1X authentication is performed on the device, and is successful, then dynamic VLANs or ACLs specified in the Access-Accept message returned during 802.1X authentication are applied to the port.

If multi-device port authentication fails for a device, then by default traffic from the device is either blocked in hardware, or the device is placed in a restricted VLAN. You can optionally configure the Dell PowerConnect device to perform 802.1X authentication on a device when it fails multi-device port authentication. Refer to "Example 2" on page 1304 for a sample configuration where this is used.

PowerConnect B-Series FCX Configuration Guide, 53-1002266-01, page 1276
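
The five authentication steps above, modeled as an added Python example (not code from the manual or from Dell). The function names, the sample MAC profiles, and the handling of a failed 802.1X attempt and of VSA values other than 0 and 1 are assumptions. It also lists the RADIUS MAC profiles that set the VSA to 0, since those devices are admitted on MAC authentication alone.

```python
from dataclasses import dataclass
from typing import Optional

VSA = "Foundry-802_1x-enable"  # attribute name as printed in the manual


@dataclass(frozen=True)
class Outcome:
    authenticated: bool
    dot1x_performed: bool
    policy_from: Optional[str]  # Access-Accept whose dynamic VLANs/ACLs the steps apply


def decide(mac_accept, dot1x_ok, dot1x_on_mac_failure=False):
    """mac_accept: Access-Accept attributes from MAC auth (dict), or None if rejected.
    dot1x_ok: result 802.1X would give; only consulted when 802.1X is performed."""
    if mac_accept is None:
        if not dot1x_on_mac_failure:
            # Default: traffic blocked in hardware or device put in the restricted VLAN.
            return Outcome(False, False, None)
        # Optional fallback: 802.1X after a MAC authentication failure.
        return Outcome(dot1x_ok, True, "802.1X" if dot1x_ok else None)
    value = mac_accept.get(VSA)
    if value == 0:
        # Step 4: 802.1X is skipped; dynamic VLANs from MAC authentication apply.
        return Outcome(True, False, "MAC")
    if value not in (None, 1):
        # Assumption: the page defines only 0 and 1, so anything else is rejected.
        raise ValueError(f"{VSA}={value!r} is not defined by the manual")
    # Steps 3 and 5: VSA absent or set to 1, so 802.1X is performed.
    # Assumption: a failed 802.1X attempt leaves the device unauthenticated.
    return Outcome(dot1x_ok, True, "802.1X" if dot1x_ok else None)


def skips_dot1x(profiles):
    """Audit helper: MAC profiles admitted on MAC authentication alone (VSA = 0)."""
    return sorted(mac for mac, attrs in profiles.items() if attrs.get(VSA) == 0)


# Constructed sample RADIUS MAC profiles (not from the manual).
PROFILES = {
    "0000.5e00.5301": {VSA: 0, "Tunnel-Private-Group-ID": "20"},
    "0000.5e00.5302": {VSA: 1},
    "0000.5e00.5303": {},  # VSA absent: 802.1X is still performed
}

if __name__ == "__main__":
    for mac, attrs in PROFILES.items():
        print(mac, decide(attrs, dot1x_ok=True))
    print("MAC-only profiles:", skips_dot1x(PROFILES))
```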
