Administrator Guide

INTERFACE mode

dot1x reauth-max number

The range is from 1 to 10.

The default is 2.

The bold lines show that re-authentication is enabled and the new maximum and re-authentication time period.

Dell(conf-if-Te-0/0)#dot1x reauthentication

Dell(conf-if-Te-0/0)#dot1x reauthentication interval 7200

Dell(conf-if-Te-0/0)#dot1x reauth-max 10

Dell(conf-if-Te-0/0)#do show dot1x interface TenGigabitEthernet 0/0

802.1x information on Te 0/0:

-----------------------------

Dot1x Status: Enable

Port Control: FORCE_AUTHORIZED

Port Auth Status: UNAUTHORIZED

Re-Authentication: Enable

Untagged VLAN id: None

Tx Period: 90 seconds

Quiet Period: 120 seconds

ReAuth Max: 10

Supplicant Timeout: 30 seconds

Server Timeout: 30 seconds

Re-Auth Interval: 7200 seconds

Max-EAP-Req: 10

Auth Type: SINGLE_HOST

Auth PAE State: Initialize

Backend State: Initialize

Auth PAE State: Initialize

Backend State: Initialize

Configuring Dynamic VLAN Assignment with Port

Authentication

On the switch, 802.1X authentication supports dynamic VLAN assignment.

The basis for VLAN assignment is RADIUS attribute 81, Tunnel-Private-Group-ID. Dynamic VLAN assignment uses the standard

dot1x procedure:

1. The host sends a dot1x packet to the Dell Networking system

2. The system forwards a RADIUS REQEST packet containing the host MAC address and ingress port number

3. The RADIUS server authenticates the request and returns a RADIUS ACCEPT message with the VLAN assignment using

Tunnel-Private-Group-ID

The illustration shows the configuration before connecting the end user device in black and blue text, and after connecting the

device in red text. The blue text corresponds to the preceding numbered steps on dynamic VLAN assignment with 802.1X.

802.1X