Quick Reference Guide
970 PowerConnect B-Series TI24X Configuration Guide
53-1002269-02
Using multi-device port authentication and 802.1X security on the same port
28
When User 1 attempts to connect to the network from the PC, he is subject to 802.1X
authentication. If User 1 is successfully authenticated, the Access-Accept message from the
RADIUS server specifies that the PVID for User 1 port be changed to the VLAN named “User-VLAN”,
which is VLAN 3. If 802.1X authentication for User 1 is unsuccessful, the PVID for port 3 is
changed to that of the restricted VLAN, which is 1023, or untagged traffic from port e 3 can be
blocked in hardware.
The part of the running-config related to port e 3 would be as follows.
interface ethernet 3
dot1x port-control auto
mac-authentication enable
dual-mode
When the PC is authenticated using multi-device port authentication, the port PVID is changed to
“Login-VLAN”, which is VLAN 1024 in this example.
When User 1 is authenticated using 802.1X authentication, the port PVID is changed to
“User-VLAN”, which is VLAN 3 in this example.
Example 2
The configuration in Figure 126 requires that you create a profile on the RADIUS server for each
MAC address to which a device or user can connect to the network. In a large network, this can be
difficult to implement and maintain.
As an alternative, you can create MAC address profiles only for those devices that do not support
802.1X authentication, such as IP phones and printers, and configure the Dell device to perform
802.1X authentication for the other devices that do not have MAC address profiles, such as user
PCs. To do this, you configure the Dell device to perform 802.1X authentication when a device fails
multi-device port authentication.