Users Guide
Table Of Contents
- Introduction
- Switch Feature Overview
- System Management Features
- Multiple Management Options
- System Time Management
- Log Messages
- System Reset
- Integrated DHCP Server
- Management of Basic Network Information
- IPv6 Management Features
- Dual Software Images
- File Management
- Switch Database Management Templates
- Automatic Installation of Firmware and Configuration
- sFlow
- SNMP Alarms and Trap Logs
- CDP Interoperability Through ISDP
- Remote Monitoring (RMON)
- Stacking Features
- Security Features
- Configurable Access and Authentication Profiles
- Password-Protected Management Access
- Strong Password Enforcement
- TACACS+ Client
- RADIUS Support
- SSH/SSL
- Inbound Telnet Control
- Denial of Service
- Port Protection
- Captive Portal
- 802.1X Authentication (IEEE 802.1X)
- MAC-Based 802.1X Authentication
- 802.1X Monitor Mode
- Port Security
- Access Control Lists (ACLs)
- Time-Based ACLs
- IP Source Guard (IPSG)
- DHCP Snooping
- Dynamic ARP Inspection
- Protected Ports (Private VLAN Edge)
- Green Technology Features
- Power over Ethernet (PoE) Features
- IEEE 802.3bt Capability
- Switching Features
- Flow Control Support (IEEE 802.3x)
- Head of Line Blocking Prevention
- Jumbo Frames Support
- Auto-MDI/MDIX Support
- VLAN-Aware MAC-based Switching
- Back Pressure Support
- Auto-negotiation
- Storm Control
- Port Mirroring
- Static and Dynamic MAC Address Tables
- Link Layer Discovery Protocol (LLDP)
- Link Layer Discovery Protocol (LLDP) for Media Endpoint Devices
- Connectivity Fault Management (IEEE 802.1ag)
- Cisco Protocol Filtering
- DHCP Layer-2 Relay
- Virtual Local Area Network Supported Features
- Spanning Tree Protocol Features
- Link Aggregation Features
- Routing Features
- Address Resolution Protocol (ARP) Table Management
- VLAN Routing
- IP Configuration
- Open Shortest Path First (OSPF)
- Border Gateway Protocol (BGP)
- Virtual Routing and Forwarding (VRF)
- BOOTP/DHCP Relay Agent
- IP Helper and DHCP Relay
- Routing Information Protocol
- Router Discovery
- Routing Table
- Virtual Router Redundancy Protocol (VRRP)
- Tunnel and Loopback Interfaces
- IPv6 Routing Features
- Quality of Service (QoS) Features
- Layer-2 Multicast Features
- Layer-3 Multicast Features
- System Management Features
- Hardware Overview
- Dell EMC Networking N1100-ON Series Switch Hardware
- Dell EMC Networking N1500 Series Switch Hardware
- Dell EMC Networking N2000 Series Switch Hardware
- Dell EMC Networking N2100-ON Series Switch Hardware
- Dell EMC Networking N2200-ON Series Switch Hardware
- N2200-ON Series Front Panel
- N2200-ON Series Rear Panel
- N2200X-ON Series Switch Ports
- N2200-ON Series Console Port
- N2200-ON Series USB Port
- N2200-ON Series Reset Button
- N2200-ON Series Port and System LEDs
- N2200-ON Series Stack Master LED and Stack Number Display
- N2200-ON Series Power Supplies
- N2200-ON Series LED Definitions
- Dell EMC Networking N3100-ON Series Switch Hardware
- Switch MAC Addresses
- Using Dell EMC OpenManage Switch Administrator
- Using the Command-Line Interface
- Default Settings
- Setting the IP Address and Other Basic Network Information
- Stacking
- Stacking Overview
- Dell EMC Networking Stacking Compatibility
- How is the Stack Master Selected?
- Adding a Switch to the Stack
- Removing a Switch from the Stack
- How is the Firmware Updated on the Stack?
- What is Stacking Standby?
- What is Nonstop Forwarding?
- Switch Stack MAC Addressing and Stack Design Considerations
- NSF Network Design Considerations
- Why is Stacking Needed?
- Default Stacking Values
- Managing and Monitoring the Stack (Web)
- Managing the Stack (CLI)
- Stacking and NSF Usage Scenarios
- Stacking Overview
- Authentication, Authorization, and Accounting
- AAA Introduction
- Authentication
- Authorization
- Accounting
- IEEE 802.1X
- What is IEEE 802.1X?
- What are the 802.1X Port Authentication Modes?
- What are Authentication Host Modes
- What is MAC Authentication Bypass?
- What is the Role of 802.1X in VLAN Assignment?
- What is Monitor Mode?
- How Does the Authentication Server Assign DiffServ Policy or ACLs?
- What is the Internal Authentication Server?
- Default 802.1X Values
- Configuring IEEE 802.1X (Web)
- Captive Portal
- Monitoring and Logging System Information
- System Monitoring Overview
- Default Log Settings
- Monitoring System Information and Configuring Logging (Web)
- Device Information
- System Health
- System Resources
- Unit Power Usage History
- Integrated Cable Test for Copper Cables
- Optical Transceiver Diagnostics
- Log Global Settings
- RAM Log
- Log File
- SYSLOG Server
- Email Alert Global Configuration
- Email Alert Mail Server Configuration
- Email Alert Subject Configuration
- Email Alert To Address Configuration
- Email Alert Statistics
- Monitoring System Information and Configuring Logging (CLI)
- Logging Configuration Examples
- Managing General System Settings
- System Settings Overview
- Default General System Information
- Configuring General System Settings (Web)
- System Information
- CLI Banner
- SDM Template Preference
- Clock
- SNTP Global Settings
- SNTP Authentication
- SNTP Server
- Summer Time Configuration
- Time Zone Configuration
- Card Configuration
- Slot Summary
- Supported Cards
- Power Over Ethernet Global Configuration
- Power Over Ethernet Unit Configuration
- Power Over Ethernet Interface Configuration
- Configuring System Settings (CLI)
- General System Settings Configuration Examples
- SNMP
- Images and File Management
- DHCP and USB Auto-Configuration
- Auto Configuration Overview
- What Is USB Auto Configuration?
- What Files Does USB Auto Configuration Use?
- How Does USB Auto Configuration Use the Files on the USB Device?
- What Is the Setup File Format?
- What Is the DHCP Auto Configuration Process?
- Monitoring and Completing the DHCP Auto Configuration Process
- What Are the Dependencies for DHCP Auto Configuration?
- Default Auto Configuration Values
- Managing Auto Configuration (Web)
- Managing Auto Configuration (CLI)
- Auto Configuration Example
- Auto Configuration Overview
- Monitoring Switch Traffic
- Traffic Monitoring Overview
- Default Traffic Monitoring Values
- Monitoring Switch Traffic (Web)
- sFlow Agent Summary
- sFlow Receiver Configuration
- sFlow Sampler Configuration
- sFlow Poll Configuration
- Interface Statistics
- Etherlike Statistics
- GVRP Statistics
- EAP Statistics
- Utilization Summary
- Counter Summary
- Switchport Statistics
- RMON Statistics
- RMON History Control Statistics
- RMON History Table
- RMON Event Control
- RMON Event Log
- RMON Alarms
- Port Statistics
- LAG Statistics
- Port Mirroring
- Monitoring Switch Traffic (CLI)
- Traffic Monitoring Examples
- iSCSI Optimization
- iSCSI Optimization Overview
- What Does iSCSI Optimization Do?
- What Occurs When iSCSI Optimization Is Enabled or Disabled?
- How Does the Switch Detect iSCSI Traffic Flows?
- How Is Quality of Service Applied to iSCSI Traffic Flows?
- How Does iSCSI Optimization Use ACLs?
- What Information Does the Switch Track in iSCSI Traffic Flows?
- How Does iSCSI Optimization Interact With Dell EqualLogic and Compellent Arrays?
- How Does iSCSI Optimization Interact with Other SAN Arrays?
- Default iSCSI Optimization Values
- Configuring iSCSI Optimization (Web)
- Configuring iSCSI Optimization (CLI)
- iSCSI Optimization Configuration Examples
- iSCSI Optimization Overview
- Port Characteristics
- Port and System Security
- Access Control Lists
- VLANs
- VLAN Overview
- Default VLAN Behavior
- Configuring VLANs (Web)
- Configuring VLANs (CLI)
- Creating a VLAN
- Configuring VLAN Settings for a LAG
- Configuring Double VLAN Tagging
- Configuring MAC-Based VLANs
- Configuring IP-Based VLANs
- Configuring a Protocol-Based VLAN
- Configuring GVRP
- Configuring Voice VLANs
- Configuring a Voice VLAN (Extended Example)
- Enterprise Voice VLAN Configuration With QoS
- MLAG with RPVST and Voice VLAN
- Assigning an 802.1p Priority to VLAN Traffic
- Configuring a Private VLAN
- Configuring Inter-Switch Private VLANs
- VLAN Configuration Examples
- Spanning Tree Protocol
- Discovering Network Devices
- Port-Based Traffic Control
- Layer-2 Multicast Features
- L2 Multicast Overview
- Snooping Switch Restrictions
- Default L2 Multicast Values
- Configuring L2 Multicast Features (Web)
- Multicast Global Parameters
- Bridge Multicast Group
- MFDB Summary
- MRouter Status
- General IGMP Snooping
- Global Querier Configuration
- VLAN Querier
- VLAN Querier Status
- MFDB IGMP Snooping Table
- MLD Snooping General
- MLD Snooping Global Querier Configuration
- MLD Snooping VLAN Querier
- MLD Snooping VLAN Querier Status
- MFDB MLD Snooping Table
- MVR Global Configuration
- MVR Members
- MVR Interface Configuration
- MVR Statistics
- GARP Timers
- GMRP Parameters
- MFDB GMRP Table
- Configuring L2 Multicast Features (CLI)
- Case Study on a Real-World Network Topology
- Connectivity Fault Management
- Ethernet Ring Protection
- Snooping and Inspecting Traffic
- Traffic Snooping and Inspection Overview
- Default Traffic Snooping and Inspection Values
- Configuring Traffic Snooping and Inspection (Web)
- DHCP Snooping Configuration
- DHCP Snooping Interface Configuration
- DHCP Snooping VLAN Configuration
- DHCP Snooping Persistent Configuration
- DHCP Snooping Static Bindings Configuration
- DHCP Snooping Dynamic Bindings Summary
- DHCP Snooping Statistics
- IPSG Interface Configuration
- IPSG Binding Configuration
- IPSG Binding Summary
- DAI Global Configuration
- DAI Interface Configuration
- DAI VLAN Configuration
- DAI ACL Configuration
- DAI ACL Rule Configuration
- DAI Statistics
- Configuring Traffic Snooping and Inspection (CLI)
- Traffic Snooping and Inspection Configuration Examples
- Link Aggregation
- MAC Addressing and Forwarding
- DHCP Server Settings
- IP Routing
- Routing Interfaces
- Layer-2 and Layer-3 Relay Features
- OSPF and OSPFv3
- OSPF Overview
- OSPF Feature Details
- OSPFv3 MIB Support
- Default OSPF Values
- Configuring OSPF Features (Web)
- OSPF Configuration
- OSPF Area Configuration
- OSPF Stub Area Summary
- OSPF Area Range Configuration
- OSPF Interface Statistics
- OSPF Interface Configuration
- OSPF Neighbor Table
- OSPF Neighbor Configuration
- OSPF Link State Database
- OSPF Virtual Link Configuration
- OSPF Virtual Link Summary
- OSPF Route Redistribution Configuration
- OSPF Route Redistribution Summary
- NSF OSPF Configuration
- Configuring OSPFv3 Features (Web)
- OSPFv3 Configuration
- OSPFv3 Area Configuration
- OSPFv3 Stub Area Summary
- OSPFv3 Area Range Configuration
- OSPFv3 Interface Configuration
- OSPFv3 Interface Statistics
- OSPFv3 Neighbors
- OSPFv3 Neighbor Table
- OSPFv3 Link State Database
- OSPFv3 Virtual Link Configuration
- OSPFv3 Virtual Link Summary
- OSPFv3 Route Redistribution Configuration
- OSPFv3 Route Redistribution Summary
- NSF OSPFv3 Configuration
- Configuring OSPF Features (CLI)
- Configuring OSPFv3 Features (CLI)
- OSPF Configuration Examples
- Configuring OSPF VRFs
- VRF
- RIP
- VRRP
- BGP
- Overview
- BGP Operations
- Decision Process Overview
- Path Attributes
- BGP Finite State Machine (FSM)
- Detecting Loss of Adjacency
- Authentication
- Outbound Update Groups
- Removing Private AS Numbers
- Templates
- Resolving Interface Routes
- Originating BGP Routes
- Equal Cost Multipath (ECMP)
- BGP Next-Hop Resolution
- Address Aggregation
- Routing Policy
- Inbound Policy
- Outbound Policy
- Routing Policy Changes
- BGP Timers
- Communities
- Routing Table Overflow
- Route Reflection
- VRF Support
- BGP Neighbor Configuration
- Extended Communities
- VPNv4/VRF Route Distribution via MP-BGP
- IPv6
- BGP Limitations
- BGP Configuration Examples
- Bidirectional Forwarding Detection
- Unicast Reverse Path Forwarding
- IPv6 Routing
- DHCPv6 Server Settings
- Differentiated Services
- Class-of-Service
- Auto VoIP
- IPv4 and IPv6 Multicast
- L3 Multicast Overview
- Default L3 Multicast Values
- Configuring General IPv4 Multicast Features (Web)
- Configuring IPv6 Multicast Features (Web)
- Configuring IGMP and IGMP Proxy (Web)
- Configuring MLD and MLD Proxy (Web)
- MLD Global Configuration
- MLD Routing Interface Configuration
- MLD Routing Interface Summary
- MLD Routing Interface Cache Information
- MLD Routing Interface Source List Information
- MLD Traffic
- MLD Proxy Configuration
- MLD Proxy Configuration Summary
- MLD Proxy Interface Membership Information
- Detailed MLD Proxy Interface Membership Information
- Configuring PIM for IPv4 and IPv6 (Web)
- Configuring DVMRP (Web)
- Configuring L3 Multicast Features (CLI)
- Configuring and Viewing IPv4 Multicast Information
- Configuring and Viewing IPv6 Multicast Route Information
- Configuring and Viewing IGMP
- Configuring and Viewing IGMP Proxy
- Configuring and Viewing MLD
- Configuring and Viewing MLD Proxy
- Configuring and Viewing PIM-DM for IPv4 Multicast Routing
- Configuring and Viewing PIM-DM for IPv6 Multicast Routing
- Configuring and Viewing PIM-SM for IPv4 Multicast Routing
- Configuring and Viewing PIM-SM for IPv6 Multicast Routing
- Configuring and Viewing DVMRP Information
- L3 Multicast Configuration Examples
- Multiple Registration Protocol
- OpenFlow
- Dell EMC Networking Python Support
- Appendix
- Index
326 Authentication, Authorization, and Accounting
Guest VLAN
The Guest VLAN feature provides a mechanism to allow users access to a
guest VLAN. For example, the administrator might provide a guest VLAN to
visitors and contractors to permit network access that allows visitors to
connect to external network resources, such as the Internet, with no ability to
access information on the internal LAN.
As an example, on a port configured in auto authentication mode
(authentication port-control auto) and connected to a client that does not
support 802.1X, the client does not respond to the 802.1X requests from the
switch. The port remains in the unauthorized state and the client is not
granted access to the network. If a guest VLAN is configured for that port, the
port is placed in the configured guest VLAN and moved to the authorized
state, allowing access to the client over the guest VLAN.
When the guest VLAN capability is disabled, users authorized by the guest
VLAN are removed from the VLAN and denied network access.
RADIUS Trunk Mode Assignment
Some network administrators may choose to use a default configuration on all
ports in the network and administer bespoke network policies via RADIUS.
Dell EMC switches support configuration of switchport trunk mode on ports
via RADIUS. In an 802.1X Access-Accept message, the Cisco VSA device-
traffic-class=switch indicates that the connected device is capable of
forwarding traffic from multiple stations using tagged and untagged traffic.
When an Access-Accept message is received that contains the VSA device-
traffic-class=switch, the switch operationally sets the port to trunk mode and
utilizes the RADIUS-assigned VLAN to set the operational native VLAN. If
not present, the port PVID is used to set the operational trunk port native
VLAN. Spanning-tree portfast is operationally disabled on the port. Any
trunk mode configuration on the port is respected.
NOTE: MAB and the guest VLAN feature are mutually exclusive on a port. If MAB
is enabled on a port concurrently with guest VLAN, the port will not move to the
authorized state.