Allowing radius-assigned vlans and a guest vlan, Allowing radius-assigned vlans and a, Guest vlan – Dell POWEREDGE M1000E User Manual

540

Configuring 802.1X and Port-Based Security

Guest-vlan Timeout............................. 90

Server Timeout (secs).......................... 30

MAB mode (configured).......................... Disabled

MAB mode (operational)......................... Disabled

Allowing RADIUS-Assigned VLANs and a Guest VLAN

The following commands show how to configure the switch to accept

RADIUS-assigned VLANs and Guest VLANs. The RADIUS server can place a

port in a particular VLAN based on the result of the authentication.
This example assumes that the RADIUS server information and Guest VLAN

(VLAN 100) have already been configured on the switch. If the RADIUS-

assigned VLAN has not been created on the switch, the VLAN can be

dynamically created.
To configure the switch:

1 Allow the switch to accept RADIUS-assigned VLANs

console#config

console(config)#aaa authorization network default

radius

2 Permit the switch to dynamically create a VLAN assigned by the RADIUS

server if it does not already exist on the switch.

3 Set the guest VLAN on port 20 to VLAN 100. This command

automatically enables the Guest VLAN Supplicant Mode on the interface.

console#configure

console(config)#interface gi1/0/20

console(config-if-Gi1/0/20)#dot1x guest-vlan 100

console(config-if-Gi1/020)# <CTRL+Z>

console#show dot1x advanced gi1/0/20

Port Guest Unauthenticated

VLAN Vlan

--------- --------- ---------------

Gi1/0/20

100

Disabled

NOTE:

Define the VLAN before configuring an interface to use it as the

guest VLAN.