beautypg.com

Dell PowerEdge VRTX User Manual

Page 333

background image

802.1X Commands

333

FILE LOCATION: C:\Users\gina\Desktop\Checkout_new\CLI Folders\Dell Plasma-ARC

2+3\new_system_mifs_ARC2_latest\802_1X.fm

D E LL CO N F I D E N T IA L – P R E L I M I N A RY 4 / 3 / 14 - F O R PR O O F O N LY

VLAN tag is the RADIUS-assigned VLAN or the unauthenticated VLANs.

See the

dot1x radius-attributes vlan

command to enable RADIUS VLAN

assignment at a port.
The switch removes from the FDB all MAC addresses learned on a port when

its authentication status is changed from authorized to unauthorized.
Multi-Host Mode
The multi-host mode manages the authentication status of the port: the port

is authorized after at least one host is authorized.
When a port is unauthorized and the guest VLAN is enabled, untagged traffic

is remapped to the guest VLAN. Tagged traffic is dropped unless the VLAN

tag is the guest VLAN or the unauthenticated VLANs. If guest VLAN is not

enabled on the port, only tagged traffic belonging to the unauthenticated

VLANs is bridged.
When a port is authorized, untagged and tagged traffic from all hosts

connected to the port is bridged, based on the static VLAN membership

configured at the port.
A user can specify that untagged traffic from the authorized port will be

remapped to a VLAN that is assigned by a RADIUS server during the

authentication process. In this case, tagged traffic is dropped unless the

VLAN tag is the RADIUS-assigned VLAN or unauthenticated VLANs. See

the

dot1x radius-attributes vlan

command to enable RADIUS VLAN

assignment at a port.
The switch removes from FDB all MAC addresses learned on a port when its

authentication status is changed from authorized to unauthorized.
Multi-Sessions Mode
Unlike the single-host and multi-host modes (port-based modes) the multi-

sessions mode manages the authentication status for each host connected to

the port (session-based mode). If the multi-sessions mode is configured on a

port, the port does have any authentication status. Any number of hosts can

be authorized on the port. The

dot1x max-hosts

command can limit the

maximum number of authorized hosts allowed on the port.
Each authorized client requires a TCAM rule. If there is no available space in

the TCAM, the authentication is rejected.
When using this command to change the port mode to single-host or multi-

host when authentication is enabled, the port state is set to unauthorized.

See also other documents in the category Dell Computer hardware: