Dell PowerConnect 8024 User Configuration Manual page 486
Hide thumbs
Also See for PowerConnect 8024:
- User configuration manual (1294 pages) ,
- Cli reference manual (1132 pages) ,
- User manual (778 pages)
Table of Contents
Advertisement
Dynamic VLAN Creation
If RADIUS-assigned VLANs are enabled though the Authorization Network
RADIUS configuration option, the RADIUS server is expected to include the
VLAN ID in the 802.1X tunnel attributes of its response message to the
switch. If dynamic VLAN creation is enabled on the switch and the RADIUS-
assigned VLAN does not exist, then the assigned VLAN is dynamically
created. This implies that the client can connect from any port and can get
assigned to the appropriate VLAN. This gives flexibility for clients to move
around the network without much additional configuration required.
Guest VLAN
The Guest VLAN feature allows a switch to provide a distinguished service to
unauthenticated users. This feature provides a mechanism to allow users
access to hosts on the guest VLAN. For example, a company might provide a
guest VLAN to visitors and contractors to permit network access that allows
visitors to connect to external network resources, such as the Internet, with
no ability to browse information on the internal LAN.
In port-based 802.1X mode, when a client that does not support 802.1X is
connected to an unauthorized port that is 802.1X-enabled, the client does not
respond to the 802.1X requests from the switch. Therefore, the port remains
in the unauthorized state, and the client is not granted access to the network.
If a guest VLAN is configured for that port, then the port is placed in the
configured guest VLAN and the port is moved to the authorized state,
allowing access to the client. However, if the port is in MAC-based 802.1X
authentication mode, it will not move to the authorized state. MAC-based
mode makes it possible for both authenticated and guest clients to use the
same port at the same time.
NOTE:
MAB and the guest VLAN feature are mutually exclusive on a port.
Client devices that are 802.1X-supplicant-enabled authenticate with the
switch when they are plugged into the 802.1X-enabled switch port. The
switch verifies the credentials of the client by communicating with an
authentication server. If the credentials are verified, the authentication server
unblock
informs the switch to
the switch port and allows the client
unrestricted access to the network; i.e., the client is a member of an internal
VLAN.
486
Configuring 802.1X and Port-Based Security
Hide quick links:
Advertisement
Table of Contents
