Manualshelf

Quick Reference Guide

ManualsBrandsDell ManualsComputer equipmentPowerConnect B-TI24x
971972973974975976977978979980
PowerConnect B-Series TI24X Configuration Guide 945
53-1002269-02
Configuring 802.1X port security
28
The RADIUS server allows one instance of the Vendor-Specific attribute to be sent in an
Access-Accept message.
Enabling 802.1X port security
By default, 802.1X port security is disabled on Dell devices. To enable the feature on the device
and enter the dot1x configuration level, enter the following command.
PowerConnect(config)# dot1x-enable
PowerConnect(config-dot1x)#
Syntax: [no] dot1x-enable
At the dot1x configuration level, you can enable 802.1X port security on all interfaces at once, on
individual interfaces, or on a range of interfaces.
For example, to enable 802.1X port security on all interfaces on the device, enter the following
command.
PowerConnect(config-dot1x)# enable all
Syntax: [no] enable all
To enable 802.1X port security on interface 11, enter the following command.
PowerConnect(config-dot1x)# enable ethernet 11
Syntax: [no] enable ethernet <portnum>
The <portnum> parameter is a valid port number.
To enable 802.1X port security on interfaces 11 through 16, enter the following command.
PowerConnect(config-dot1x)# enable ethernet 11 to 16
Syntax: [no] enable ethernet<portnum> to <portnum>
The <portnum> parameter is a valid port number.
Setting the port control
To activate authentication on an 802.1X-enabled interface, you specify the kind of port control to
be used on the interface. An interface used with 802.1X port security has two virtual access
points: a controlled port and an uncontrolled port:
The controlled port can be either the authorized or unauthorized state. In the authorized state,
it allows normal traffic to pass between the Client and the Authenticator. In the unauthorized
state, no traffic is allowed to pass.
The uncontrolled port allows only EAPOL traffic between the Client and the Authentication
Server.
Refer to Figure 119 for an illustration of this concept.
Table 10:
ACL or MAC address filter Vendor-specific attribute on RADIUS server
MAC address filter with one entry macfilter.in= deny any any
MAC address filter with two entries macfilter.in= permit 0000.0000.3333 ffff.ffff.0000 any,
macfilter.in= permit 0000.0000.4444 ffff.ffff.0000 any