Dell PowerEdge VRTX User Manual

DELL CONFIDENTIAL – PRELIMINARY 4/18/13 - FOR PROOF ONLY

You can configure a port to use Dot1x only, MAC-based only, or Dot1x and MAC-based authentication. If a port is configured to use both Dot1x and MAC-based authentication, a Dot1x supplicant has precedence over a non-Dot1x device. The Dot1x supplicant preempts an authorized, but non-Dot1x device, at a port that is configured with a single session.

Unauthenticated VLAN and Guest VLANs

Unauthenticated VLANs and Guest VLANs provide access to services that do not require the subscribing devices or ports to be Dot1x or MAC-based authenticated and authorized.

An unauthenticated VLAN is a VLAN that allows access by authorized and unauthorized devices or ports. You can configure one or more VLANs to be unauthenticated in the VLAN Membership pages in "VLANs" on page 311.

An unauthenticated VLAN has the following characteristics:

• It must be a static VLAN, and cannot be the Guest VLAN or the default VLAN.

• The VLAN's member ports must be manually configured as tagged members.

• The member ports must be trunk and/or general ports. An access port cannot be a member of an unauthenticated VLAN.

The Guest VLAN, if configured, is a static VLAN with the following characteristics:

• It must be manually defined from an existing, static VLAN.

• It is automatically available only to unauthorized devices, or to ports of devices that are connected and Guest VLAN enabled.

• If a port is Guest-VLAN-enabled, the switch automatically adds the port as an untagged member of the Guest VLAN when the port is not authorized, and removes the port from the Guest VLAN when the first supplicant of the port is authorized.

• The Guest VLAN cannot be used as both the Voice VLAN and an unauthenticated VLAN.

The switch also uses the Guest VLAN for authentication at ports configured with Multiple Session mode and MAC-based authentication. Therefore, you must configure a Guest VLAN before you can use the MAC-based authentication mode.
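
The rules above for unauthenticated VLANs, the Guest VLAN, and MAC-based authentication can be checked against an exported configuration before it is applied. The following Python audit is an added example, not part of the Dell manual or the switch software; the `Vlan`/`Port` model, the `audit` function, the port names, and the sample data are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Vlan:
    vid: int
    static: bool = True
    unauthenticated: bool = False
    members: dict = field(default_factory=dict)  # port name -> "tagged" | "untagged"

@dataclass
class Port:
    name: str
    mode: str           # "access", "trunk" or "general"
    auth: str = "none"  # "dot1x", "mac" or "dot1x+mac"

def audit(vlans, ports, guest_vid=None, default_vid=1):
    """Return the rule violations found in a (hypothetical) config model."""
    findings = []
    by_vid = {v.vid: v for v in vlans}
    by_name = {p.name: p for p in ports}
    for v in (v for v in vlans if v.unauthenticated):
        if not v.static:
            findings.append(f"VLAN {v.vid}: unauthenticated VLAN must be static")
        if v.vid in (guest_vid, default_vid):
            findings.append(f"VLAN {v.vid}: Guest/default VLAN cannot be unauthenticated")
        for pname, tagging in v.members.items():
            if tagging != "tagged":
                findings.append(f"VLAN {v.vid}: {pname} must be a tagged member")
            port = by_name.get(pname)
            if port is not None and port.mode == "access":
                findings.append(f"VLAN {v.vid}: access port {pname} cannot be a member")
    if guest_vid is not None:
        guest = by_vid.get(guest_vid)
        if guest is None or not guest.static:
            findings.append(f"Guest VLAN {guest_vid} must be an existing static VLAN")
    for p in ports:
        # The manual requires a Guest VLAN before MAC-based authentication is used.
        if "mac" in p.auth and guest_vid is None:
            findings.append(f"{p.name}: MAC-based authentication needs a Guest VLAN")
    return findings

# Constructed sample configuration (not taken from the manual).
SAMPLE_VLANS = [
    Vlan(1),
    Vlan(10, unauthenticated=True, members={"port1": "tagged", "port2": "untagged"}),
    Vlan(20),
]
SAMPLE_PORTS = [Port("port1", "trunk", "dot1x"), Port("port2", "access", "mac")]

if __name__ == "__main__":
    for finding in audit(SAMPLE_VLANS, SAMPLE_PORTS):
        print(finding)
```
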