Users Guide

Authentication, Authorization, and Accounting
What is the Role of 802.1X in VLAN Assignment?
Dell EMC Networking N-Series switches allow a port to be placed into a
particular VLAN based on the result of the authentication. The
authentication server can provide information to the switch about which
VLAN to assign to the supplicant, or the administrator can configure the
level of access provided when authentication fails or is never attempted.
When a host connects to a switch that uses an authentication server to
authenticate, the host authentication will have one of three outcomes:
• The host is authenticated.
• The host attempts to authenticate but fails because it lacks certain
  security credentials.
• The host does not try to authenticate at all (802.1X unaware).
Three separate VLANs can be created on the switch to handle a host
depending on whether the host authenticates, fails the authentication, or
does not attempt authentication. The RADIUS server informs the switch of
the selected VLAN as part of the authentication.
Authenticated VLANs
Hosts that authenticate normally are assigned a VLAN that includes access to
network resources. This VLAN may be assigned by the RADIUS server. Hosts
that fail authentication may be denied access to the network or placed into an
unauthenticated VLAN, if configured. Hosts that do not attempt
authentication may be placed into a guest VLAN, if configured. The network
administrator can configure the type of access provided to the authenticated,
guest, and unauthenticated VLANs.
Much of the configuration to assign authenticated hosts to a particular VLAN
takes place on the 802.1X authentication server (for example, a RADIUS
server). If an external RADIUS server is used to manage VLANs, configure the
server to use Tunnel attributes in Access-Accept messages in order to inform
the switch about the selected VLAN. These attributes are defined in RFC
2868 and their use for dynamic VLAN is specified in RFC 3580.
The VLAN attributes defined in RFC 3580 and required for VLAN
assignment via RADIUS are as follows:
• Tunnel-Type (64) = VLAN (13)
• Tunnel-Medium-Type (65) = 802 (6)