Quick Reference Guide
PowerConnect B-Series TI24X Configuration Guide 983
53-1002269-02
Using multi-device port authentication and 802.1X security on the same port
30
Support for dynamic VLAN assignment
The multi-device port authentication feature supports dynamic VLAN assignment, where a port can
be placed in one or more VLANs based on the MAC address learned on that interface. For details
about this feature, refer to “Configuring the RADIUS server to support dynamic VLAN assignment”
on page 989.
Support for dynamic ACLs
The multi-device port authentication implementation supports the assignment of a MAC address to
a specific ACL, based on the MAC address learned on the interface. For details about this feature,
refer to “Dynamically applying IP ACLs to authenticated MAC addresses” on page 990.
Support for authenticating multiple MAC addresses
on an interface
The multi-device port authentication feature allows multiple MAC addresses to be authenticated or
denied authentication on each interface. The maximum number of MAC addresses that can be
authenticated on each interface is limited only by the amount of system resources available on the
device.
Using multi-device port authentication and
802.1X security on the same port
Multi-device port authentication and 802.1X security can be configured on the same port. When
both of these features are enabled on the same port, multi-device port authentication is performed
prior to 802.1X authentication. If multi-device port authentication is successful, 802.1X
authentication may be performed, based on the configuration of a vendor-specific attribute (VSA) in
the profile for the MAC address on the RADIUS server.
NOTE
When multi-device port authentication and 802.1X security are configured together on the same
port, Dell recommends that dynamic VLANs and dynamic ACLs are done at the multi-device port
authentication level, and not at the 802.1X level.
When both features are configured on a port, a device connected to the port is authenticated as
follows.
1. Multi-device port authentication is performed on the device to authenticate the device MAC
address.
2. If multi-device port authentication is successful for the device, then the device checks whether
the RADIUS server included the Foundry-802_1x-enable VSA (described in Table 158) in the
Access-Accept message that authenticated the device.
3. If the Foundry-802_1x-enable VSA is not present in the Access-Accept message, or is present
and set to 1, then 802.1X authentication is performed for the device.