Manualshelf

Quick Reference Guide

ManualsBrandsDell ManualsComputer equipmentPowerConnect B-TI24x
9919929939949959969979989991000
PowerConnect B-Series TI24X Configuration Guide 965
53-1002269-02
Sample 802.1X configurations
28
PowerConnect(config)# interface e 1
PowerConnect(config-if-e10000-1)# dot1x port-control auto
PowerConnect(config-if-e10000-1)# dot1x multiple-hosts
PowerConnect(config-if-e10000-1)# exit
802.1X Authentication with dynamic VLAN assignment
Figure 125 illustrates 802.1X authentication with dynamic VLAN assignment. In this configuration,
two user PCs are connected to a hub, which is connected to port e2. Port e2 is configured as a
dual-mode port. Both PCs transmit untagged traffic. The profile for User 1 on the RADIUS server
specifies that User 1 PC should be dynamically assigned to VLAN 3. The RADIUS profile for User 2
on the RADIUS server specifies that User 2 PC should be dynamically assigned to VLAN 20.
FIGURE 125 Sample configuration using 802.1X authentication with dynamic VLAN assignment
In this example, the PVID for port e2 would be changed based on the first host to be successfully
authenticated. If User 1 is authenticated first, then the PVID for port e2 is changed to VLAN 3. If
User 2 is authenticated first, then the PVID for port e2 is changed to VLAN 20. Since a PVID cannot
be changed by RADIUS authentication after it has been dynamically assigned, if User 2 is
authenticated after the port PVID was changed to VLAN 3, then User 2 would not be able to gain
access to the network.
If there were only one device connected to the port, and authentication failed for that device, it
could be placed into the restricted VLAN, where it could gain access to the network.
Hub
Untagged
Untagged
User 1
MAC: 0002.3f7f.2e0a
User 2
MAC: 0050.048e.86ac
Port e2
Dual Mode
Switch
RADIUS Server
Tunnel-Private-Group-ID:
User 1 -> “U:3”
User 2 -> “U:20