Quick Reference Guide

PowerConnect B-Series TI24X Configuration Guide 933
53-1002269-02
Configuring 802.1X port security
28
• Dynamic multiple VLAN assignment for 802.1X ports. Refer to “Dynamic multiple VLAN assignment for 802.1X ports” on page 939.
• Configure a restriction to forward authenticated and unauthenticated tagged and untagged clients to a restricted VLAN.
• Configure an override to send failed dot1x and non-dot1x clients to a restricted VLAN.
• Configure VLAN assignments for clients attempting to gain access through dual-mode ports.
• Enhancements to some show commands.
• Differences in command syntax for saving dynamic VLAN assignments to the startup-config file.
Configurable hardware aging period for denied client dot1x-mac-sessions
When one of the 802.1X-enabled Clients in a multiple-host configuration attempts to log into a
network in which a device serves as an Authenticator, the device creates a dot1x-mac-session for
the Client.
When a Client has been denied access to the network, its dot1x-mac-session is aged out if no
traffic is received from the Client MAC address over a period of time. After a denied Client
dot1x-mac-session ages out, the Client can be re-authenticated. Aging of a denied Client's
dot1x-mac-session occurs in two phases, known as hardware aging and software aging.
The hardware aging period for a denied Client's dot1x-mac-session is not fixed at 70 seconds; it is
equal to the length of time specified with the dot1x timeout quiet-period command. By default, the
hardware aging time is 60 seconds. Once the hardware aging period ends, the software aging period
begins. When the software aging period ends, the denied Client's dot1x-mac-session ages out, and
the Client can be authenticated again.
802.1X port security and sFlow
sFlow is a standards-based protocol that allows network traffic to be sampled at a user-defined rate
for the purpose of monitoring traffic flow patterns and identifying packet transfer rates on
user-specified interfaces.
When you enable sFlow forwarding on an 802.1X-enabled interface, the samples taken from the
interface include the user name string at the inbound or outbound port, or both, if that information
is available.
For more information on sFlow, refer to Appendix A, “Network Monitoring”.
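As an added illustration (not code from this guide), the following Python sketch shows how a collector could recover that user name from the flow records of a sample. It assumes the device exports the name in the standard sFlow version 5 extended_user flow record (enterprise 0, format 1004), which this guide does not state; the function names and the sample bytes are constructed for the example.

```python
import struct

EXTENDED_USER = 1004                   # sFlow v5 extended_user: enterprise 0, format 1004
CHARSETS = {3: "ascii", 106: "utf-8"}  # IANA MIBenum values carried in the record

def _read_user(buf, off):
    """Read one (charset, XDR opaque<255>) pair; return (text, next offset)."""
    if off + 8 > len(buf):
        raise ValueError("truncated extended_user record")
    charset, length = struct.unpack_from(">II", buf, off)
    start, end = off + 8, off + 8 + length
    if length > 255 or end > len(buf):
        raise ValueError("user name length exceeds record")
    # Unknown charsets fall back to latin-1 so the bytes stay visible to an analyst.
    text = buf[start:end].decode(CHARSETS.get(charset, "latin-1"), errors="replace")
    return text, start + ((length + 3) & ~3)   # XDR pads opaque data to 4 bytes

def parse_extended_user(body):
    src, off = _read_user(body, 0)     # user at the inbound port
    dst, _ = _read_user(body, off)     # user at the outbound port
    return {"src_user": src or None, "dst_user": dst or None}

def users_in_flow_records(records):
    """records: consecutive (data_format, length, body) flow records of one sample."""
    off, found = 0, []
    while off + 8 <= len(records):
        fmt, length = struct.unpack_from(">II", records, off)
        body = records[off + 8: off + 8 + length]
        if len(body) != length:
            raise ValueError("flow record length exceeds buffer")
        if fmt >> 12 == 0 and fmt & 0xFFF == EXTENDED_USER:   # enterprise, format
            found.append(parse_extended_user(body))
        off += 8 + ((length + 3) & ~3)
    return found

def _pack_user(charset, name):
    raw = name.encode()
    return struct.pack(">II", charset, len(raw)) + raw + b"\0" * (-len(raw) % 4)

def build_sample():
    """Constructed input: an extended_switch record (skipped), then extended_user."""
    body = _pack_user(106, "alice@example.test") + _pack_user(106, "")
    switch = struct.pack(">IIIIII", 1001, 16, 10, 0, 10, 0)
    return switch + struct.pack(">II", EXTENDED_USER, len(body)) + body

if __name__ == "__main__":
    print(users_in_flow_records(build_sample()))
```

An empty name is reported as None, which matches the case where the user name is available at only one of the two ports.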
Configuring 802.1X port security
Configuring 802.1X port security on a device consists of the following tasks.
1. Configure the device interaction with the Authentication Server:
   • “Configuring an authentication method list for 802.1X” on page 934
   • “Setting RADIUS parameters” on page 934
   • “Configuring dynamic VLAN assignment for 802.1X ports” on page 938 (optional)