A SERVICE OF

logo

Open as PDF
next previous
120 | 802.1X
www.dell.com | support.dell.com
Figure 7-11 shows the configuration on a Dell Force10 switch that uses dynamic VLAN assignment with
802.1X before you connect the end-user device (black and blue text), and after you connect the device (red
text).
The blue text corresponds to the numbered steps on page 119. Note that the GigabitEthernet 1/11 port, on
which dynamic VLAN assignment with 802.1X is configured, is initially an untagged member of VLAN
300. After a successful 802.1x authentication with dynamic VLAN configuration, the port becomes an
untagged member of VLAN 400 (assigned by the RADIUS server during authentication).
Figure 7-11. Dynamic VLAN Assignment with 802.1X
Note: In the show vlan command output, if the statically-configured VLAN and the 802.1X
dynamically-assigned VLAN are the same, the 802.1x-authorized port is displayed with U for Untagged.
If the two VLANs are not the same, the 802.1x-authorized port is displayed with x for Dot1X untagged.
Force10(conf-if-vl-400)# show config
interface Vlan 400
no ip address
shutdown
Force10#show vlan
Codes: * - Default VLAN, G - GVRP VLANs
Q: U - Untagged, T - Tagged
x - Dot1x untagged, X - Dot1x tagged
G - GVRP tagged
NUM Status Description Q Ports
* 1 Inactive
300 Inactive U Gi 1/11
400 Inactive
***After authentication***
Force10#show vlan
Codes: * - Default VLAN, G - GVRP VLANs
Q: U - Untagged, T - Tagged
x - Dot1x untagged, X - Dot1x tagged
G - GVRP tagged
NUM Status Description Q Ports
* 1 Inactive
300 In active
400 Active x Gi 1/11
***After disconnectiong the end-user device, the GigabitEthernet 1/11
port is re-assigned to VLAN 300.
radius-server host 10.11.197.16
9
auth-port 1645
key 7 387a7f2df5969da4
1/11
Force10(conf-if-gi-1/11)#show config
interface GigabitEthernet 1/11
no ip address
switchport
dot1x authentication
no shutdown
*
**After authentication***
F
orce10#show dot1x interface gigabitethernet 1/11
8
02.1x information on Gi 1/11:
-
----------------------------
D
ot1x Status: Enable
P
ort Control: AUTO
P
ort Auth Status: AUTHORIZED
R
e-Authentication: Disable
U
ntagged VLAN id: 400
T
x Period: 30 seconds
Q
uiet Period: 60 seconds
R
eAuth Max: 2
S
upplicant Timeout: 30 seconds
S
erver Timeout: 30 seconds
R
e-Auth Interval: 3600 seconds
M
ax-EAP-Req: 2
A
uth Type: SINGLE_HOST
A
uth PAE State: Authenticated
B
ackend State: Idle
RADIUS Server
End-user Device
Force10 switch
1
Force10(conf-if-vl-300)#show confi
g
interface Vlan 300
no ip address
untagged GigabitEthernet 1/11
shutdown
1
3
2
4