Reference Guide
Configuring Dynamic VLAN Assignment with Port
Authentication
On the Z9500, 802.1X authentication supports dynamic VLAN assignment.
The basis for VLAN assignment is RADIUS attribute 81, Tunnel-Private-Group-ID. Dynamic VLAN assignment uses the standard
dot1x procedure:
1. The host sends a dot1x packet to the Dell Networking system
2. The system forwards a RADIUS REQEST packet containing the host MAC address and ingress port number
3. The RADIUS server authenticates the request and returns a RADIUS ACCEPT message with the VLAN assignment using
Tunnel-Private-Group-ID
The illustration shows the configuration before connecting the end user device in black and blue text, and after connecting the
device in red text. The blue text corresponds to the preceding numbered steps on dynamic VLAN assignment with 802.1X.
Figure 7. Dynamic VLAN Assignment
1. Configure 8021.x globally (refer to Enabling 802.1X) along with relevant RADIUS server configurations (refer to the
illustration inDynamic VLAN Assignment with Port Authentication).
2. Make the interface a switchport so that it can be assigned to a VLAN.
3. Create the VLAN to which the interface will be assigned.
4. Connect the supplicant to the port configured for 802.1X.
5. Verify that the port has been authorized and placed in the desired VLAN (refer to the illustration in Dynamic VLAN
Assignment with Port Authentication).
76
802.1X