Reference Guide

Configuring Dynamic VLAN Assignment with Port

Authentication

On the Z9500, 802.1X authentication supports dynamic VLAN assignment.

The basis for VLAN assignment is RADIUS attribute 81, Tunnel-Private-Group-ID. Dynamic VLAN assignment uses the standard

dot1x procedure:

1. The host sends a dot1x packet to the Dell Networking system

2. The system forwards a RADIUS REQEST packet containing the host MAC address and ingress port number

3. The RADIUS server authenticates the request and returns a RADIUS ACCEPT message with the VLAN assignment using

Tunnel-Private-Group-ID

The illustration shows the configuration before connecting the end user device in black and blue text, and after connecting the

device in red text. The blue text corresponds to the preceding numbered steps on dynamic VLAN assignment with 802.1X.

Figure 7. Dynamic VLAN Assignment

1. Configure 8021.x globally (refer to Enabling 802.1X) along with relevant RADIUS server configurations (refer to the

illustration inDynamic VLAN Assignment with Port Authentication).

2. Make the interface a switchport so that it can be assigned to a VLAN.

3. Create the VLAN to which the interface will be assigned.

4. Connect the supplicant to the port configured for 802.1X.

5. Verify that the port has been authorized and placed in the desired VLAN (refer to the illustration in Dynamic VLAN

Assignment with Port Authentication).

802.1X