What is the Role of 802.1X in VLAN Assignment? – Dell POWEREDGE M1000E User Manual


Configuring 802.1X and Port-Based Security


What is the Role of 802.1X in VLAN Assignment?

PowerConnect M6220, M6348, M8024, and M8024-k switches allow a port to be placed into a particular VLAN based on the result of the authentication or type of 802.1X authentication a client uses when it accesses the switch. The authentication server can provide information to the switch about which VLAN to assign the supplicant.

When a host connects to a switch that uses an authentication server to authenticate, the host authentication can typically have one of three outcomes:

• The host is authenticated.
• The host attempts to authenticate but fails because it lacks certain security credentials.

• The host is a guest and does not try to authenticate at all.

You can create three separate VLANs on the switch to handle a host depending on whether the host authenticates, fails the authentication, or is a guest. The RADIUS server informs the switch of the selected VLAN as part of the authentication.

Authenticated and Unauthenticated VLANs

Hosts that authenticate normally use a VLAN that includes access to network resources. Hosts that fail the authentication might be denied access to the network or placed on a quarantine VLAN with limited network access.

Much of the configuration to assign hosts to a particular VLAN takes place on the 802.1X authenticator (RADIUS server). If you use an external RADIUS server to manage VLANs, you configure the server to use Tunnel attributes in Access-Accept messages in order to inform the switch about the selected VLAN. These attributes are defined in RFC 2868, and their use for dynamic VLAN assignment is specified in RFC 3580.

The VLAN attributes defined in RFC 3580 are as follows:

• Tunnel-Type=VLAN (13)
• Tunnel-Medium-Type=802
• Tunnel-Private-Group-ID=VLANID

The VLANID is 12 bits long and has a value between 1 and 4093.
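As an added illustration (not code from the Dell manual or the switch firmware), the following Python sketch parses the attribute section of an Access-Accept and returns a VLAN only when all three attributes listed above are present and valid. It assumes a single tunnel, the tag-octet handling of RFC 2868, the numeric value 6 for the 802 medium type, and this page's 1 to 4093 range; the function names and sample bytes are constructed for the example.

```python
# Attribute type codes from RFC 2868
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TUNNEL_TYPE_VLAN = 13          # Tunnel-Type=VLAN (13), as listed on this page
TUNNEL_MEDIUM_802 = 6          # RFC 2868 number for the "802" medium
VLAN_MIN, VLAN_MAX = 1, 4093   # range stated on this page

def attr(atype, value):
    """Encode one attribute as type, length, value (helper for building samples)."""
    return bytes([atype, len(value) + 2]) + value

def iter_attributes(data):
    """Yield (type, value) pairs, rejecting truncated or malformed lengths."""
    pos = 0
    while pos < len(data):
        if len(data) - pos < 2:
            raise ValueError("truncated attribute header")
        atype, alen = data[pos], data[pos + 1]
        if alen < 2 or pos + alen > len(data):
            raise ValueError("bad attribute length")
        yield atype, data[pos + 2:pos + alen]
        pos += alen

def vlan_from_access_accept(attrs):
    """Return the assigned VLAN ID, or None if the triplet is incomplete or invalid."""
    tunnel_type = medium = vlan = None
    for atype, value in iter_attributes(attrs):
        if atype in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE):
            if len(value) != 4:
                raise ValueError("tagged integer attribute must carry 4 octets")
            number = int.from_bytes(value[1:], "big")  # first octet is the tag
            if atype == TUNNEL_TYPE:
                tunnel_type = number
            else:
                medium = number
        elif atype == TUNNEL_PRIVATE_GROUP_ID:
            if value and value[0] <= 0x1F:  # leading octet is a tag, not text
                value = value[1:]
            text = value.decode("ascii", errors="replace")
            vlan = int(text) if text.isdigit() else None
    if tunnel_type != TUNNEL_TYPE_VLAN or medium != TUNNEL_MEDIUM_802:
        return None   # do not honour a VLAN ID without the matching type/medium
    if vlan is None or not VLAN_MIN <= vlan <= VLAN_MAX:
        return None   # non-numeric or out-of-range VLAN ID
    return vlan

# Constructed sample: Tunnel-Type=13, Tunnel-Medium-Type=6, Tunnel-Private-Group-ID="20"
SAMPLE = (attr(64, b"\x00\x00\x00\x0d") + attr(65, b"\x00\x00\x00\x06")
          + attr(81, b"\x00" + b"20"))
```

Returning `None` here models falling back to the port's configured behaviour rather than trusting a partial or out-of-range assignment.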
