Manualshelf

Administrator Guide

ManualsBrandsDell ManualsAccess PlatformsNetworking S3100 Series
81828384858687888990
Figure 8. Dynamic VLAN Assignment
1. Configure 8021.x globally (refer to Enabling 802.1X) along with relevant RADIUS server configurations (refer to the illustration
in
Dynamic VLAN Assignment with Port Authentication).
2. Make the interface a switchport so that it can be assigned to a VLAN.
3. Create the VLAN to which the interface will be assigned.
4. Connect the supplicant to the port configured for 802.1X.
5. Verify that the port has been authorized and placed in the desired VLAN (refer to the illustration in Dynamic VLAN Assignment with
Port Authentication).
Guest and Authentication-Fail VLANs
Typically, the authenticator (the Dell system) denies the supplicant access to the network until the supplicant is authenticated. If the
supplicant is authenticated, the authenticator enables the port and places it in either the VLAN for which the port is configured or the
VLAN that the authentication server indicates in the authentication data.
NOTE:
Ports cannot be dynamically assigned to the default VLAN.
If the supplicant fails authentication, the authenticator typically does not enable the port. In some cases this behavior is not appropriate.
External users of an enterprise network, for example, might not be able to be authenticated, but still need access to the network. Also,
some dumb-terminals, such as network printers, do not have 802.1X capability and therefore cannot authenticate themselves. To be able
to connect such devices, they must be allowed access the network without compromising network security.
The Guest VLAN 802.1X extension addresses this limitation with regard to non-802.1X capable devices and the Authentication-fail VLAN
802.1X extension addresses this limitation with regard to external users.
If the supplicant fails authentication a specified number of times, the authenticator places the port in the Authentication-fail VLAN.
If a port is already forwarding on the Guest VLAN when 802.1X is enabled, the port is moved out of the Guest VLAN and the
authentication process begins.
90
802.1X