CLI Guide
Security Commands 1003
assigned VLAN does not exist on the supplicant connected interface, the
assigned VLAN is dynamically created. See the aaa authorization network
default radius command for further information. This implies that the client
can connect from any port and be assigned to the appropriate VLAN, which
may be already configured on an uplink interface. This gives flexibility for
clients to move around the network with out requiring the operator to
perform additional provisioning for each network interface. Dynamic VLAN
assignment uses the following RADIUS attributes from the received Access-
Accept:
IETF 64 (Tunnel Type)—Set this to VLAN.
IETF 65 (Tunnel Medium Type)—Set this to 802.
IETF 81 (Tunnel Private Group ID)—Set this to VLAN ID or VLAN name.
RADIUS Change of Authorization
Dell EMC Networking supports the Change of Authorization Disconnect -
Request per RFC 3575. The Dell EMC Networking switch listens for the
Disconnect-Request on UDP port 3799. The Disconnect-Request identifies
the user session to be terminated using the following attributes:
• User-Name (IETF attribute #1)
• Acct-Session-Id (IETF attribute #44)
• Calling-Station-Id (IETF attribute #31, which contains the host MAC
address)
The following messages from RFC 3575 are supported:
• 40 - Disconnect-Request
• 41 - Disconnect-ACK
• 42 - Disconnect-NAK
A CoA Disconnect-Request terminates the session without disabling the
switch port. Instead, CoA Disconnect-Request termination causes re-
initialization of the authenticator state machine for the specified host. MAC-
based port control can be enabled for 802.1x sessions. In this case, if the
RADIUS server issues a disconnect request and subsequently does not
authorize the MAC address to access network resources, the host is effectively