DELL 9.7(0.0) User Manual

The bold lines show the new supplicant and server timeouts.

Dell(conf-if-Te-0/0)#dot1x port-control force-authorized

Dell(conf-if-Te-0/0)#do show dot1x interface TenGigabitEthernet 0/0

802.1x information on Te 0/0:

-----------------------------

Dot1x Status:            Enable

Port Control:            FORCE_AUTHORIZED

Port Auth Status:        UNAUTHORIZED

Re-Authentication:       Disable

Untagged VLAN id:        None

Guest VLAN:              Disable

Guest VLAN id:           NONE

Auth-Fail VLAN:          Disable

Auth-Fail VLAN id:       NONE

Auth-Fail Max-Attempts:  NONE

Tx Period:               90 seconds

Quiet Period:            120 seconds

ReAuth Max:              10

Re-Auth Interval:        7200 seconds

Max-EAP-Req:             10

Auth Type:               SINGLE_HOST

Auth PAE State:          Initialize

Backend State:           Initialize

Enter the tasks the user should do after finishing this task (optional).

Configuring Dynamic VLAN Assignment with Port 

Authentication

On the Z9500, 802.1X authentication supports dynamic VLAN assignment.

The basis for VLAN assignment is RADIUS attribute 81, Tunnel-Private-Group-ID. Dynamic VLAN 

assignment uses the standard dot1x procedure:

1.

The host sends a dot1x packet to the Dell Networking system

2.

The system forwards a RADIUS REQEST packet containing the host MAC address and ingress port 

number

3.

The RADIUS server authenticates the request and returns a RADIUS ACCEPT message with the VLAN 

assignment using Tunnel-Private-Group-ID

The illustration shows the configuration before connecting the end user device in black and blue text, 
and after connecting the device in red text. The blue text corresponds to the preceding numbered steps 
on dynamic VLAN assignment with 802.1X.

88

802.1X