Concept Guide
1 The host sends a dot1x packet to the Dell Networking system
2 The system forwards a RADIUS REQEST packet containing the host MAC address and ingress port number
3 The RADIUS server authenticates the request and returns a RADIUS ACCEPT message with the VLAN assignment using Tunnel-
Private-Group-ID
The illustration shows the conguration before connecting the end user device in black and blue text, and after connecting the device in
red text. The blue text corresponds to the preceding numbered steps on dynamic VLAN assignment with 802.1X.
Figure 7. Dynamic VLAN Assignment
1 Congure 8021.x globally (refer to Enabling 802.1X) along with relevant RADIUS server congurations (refer to the illustration
inDynamic VLAN Assignment with Port Authentication).
2 Make the interface a switchport so that it can be assigned to a VLAN.
3 Create the VLAN to which the interface will be assigned.
4 Connect the supplicant to the port congured for 802.1X.
5 Verify that the port has been authorized and placed in the desired VLAN (refer to the illustration in Dynamic VLAN Assignment with
Port Authentication).
Guest and Authentication-Fail VLANs
Typically, the authenticator (the Dell system) denies the supplicant access to the network until the supplicant is authenticated. If the
supplicant is authenticated, the authenticator enables the port and places it in either the VLAN for which the port is congured or the
VLAN that the authentication server indicates in the authentication data.
NOTE
: Ports cannot be dynamically assigned to the default VLAN.
104 802.1X