DELL N3000 User Manual

Configuring Port and System Security
5 Allow the switch to dynamically create VLANs when a RADIUS-assigned VLAN does not exist on the switch.
console(config)#dot1x dynamic-vlan enable
6 Enter interface configuration mode for the downlink ports.
console(config)#interface range Gi1/0/1-23
7 Set the downlink ports to the access mode because each downlink port connects to a single host that belongs to a single VLAN.
console(config-if)#switchport mode access
console(config-if)#exit
8 Enter Interface Configuration mode for port 24, the uplink (trunk) port.
console(config)#interface Gi1/0/24
9 Disable 802.1X authentication on the interface. This causes the port to transition to the authorized state without any authentication exchange required. This port does not connect to any end-users, so there is no need for 802.1X-based authentication.
console(config-if-Gi1/0/24)#dot1x port-control force-authorized
10 Set the uplink port to trunk mode so that it accepts tagged traffic and transmits it to the connected device (another switch or router).
console(config-if-Gi1/0/24)#switchport mode trunk
11 Forbid the trunk from forwarding traffic that has VLAN tags for any VLAN from 1000–2000, inclusive.
console(config-if-Gi1/0/24)#switchport trunk allowed vlan remove 1000-2000
console(config-if-Gi1/0/24)#exit
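An added example, not taken from the Dell manual: a Python check that a saved command list matches the port roles in the steps above, flagging any host port left in force-authorized (which skips 802.1X) and an uplink that still carries VLANs 1000-2000. The sample configuration is constructed from the commands on this page, and the function names and the one-stanza-per-interface layout are assumptions.

```python
import re

# Constructed sample built from the commands on this page (not real switch output).
SAMPLE_CONFIG = """\
dot1x dynamic-vlan enable
interface Gi1/0/1
switchport mode access
exit
interface Gi1/0/2
switchport mode access
dot1x port-control force-authorized
exit
interface Gi1/0/24
dot1x port-control force-authorized
switchport mode trunk
switchport trunk allowed vlan remove 1000-2000
exit
"""

def parse_interfaces(config):
    """Return {interface name: [command lines]} from 'interface ... exit' stanzas."""
    stanzas, current = {}, None
    for line in config.splitlines():
        line = " ".join(line.split())          # normalise whitespace
        if line.startswith("interface "):
            current = line.split(" ", 1)[1]
            stanzas[current] = []
        elif line == "exit":
            current = None
        elif current and line:
            stanzas[current].append(line)
    return stanzas

def audit(config, uplinks=("Gi1/0/24",), blocked=(1000, 2000)):
    """List deviations from the port roles used in the procedure (hypothetical helper)."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        forced = "dot1x port-control force-authorized" in cmds
        if name not in uplinks:                # downlink (host-facing) port
            if forced:
                findings.append(f"{name}: host port bypasses 802.1X (force-authorized)")
            if "switchport mode trunk" in cmds:
                findings.append(f"{name}: host port is in trunk mode")
            continue
        if "switchport mode trunk" not in cmds:
            findings.append(f"{name}: uplink is not in trunk mode")
        removed = re.findall(r"^switchport trunk allowed vlan remove (\d+)-(\d+)$", "\n".join(cmds), re.M)
        if not any(int(lo) <= blocked[0] and int(hi) >= blocked[1] for lo, hi in removed):
            findings.append(f"{name}: VLANs {blocked[0]}-{blocked[1]} not removed from trunk")
    return findings
```

The parser does not expand `interface range` lines, so list each port in its own stanza before running the check.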
Configuring Authentication Server DiffServ Filter Assignments
To enable DiffServ filter assignment by an external server, the following conditions must be true:
• The port that the host is connected to must be enabled for MAC-based port access control by using the following command in Interface Config mode:
dot1x port-control mac-based