84 | 802.1Xw w w . d e l l . c o m | s u p p o r t . d e l l . c o m Figure 5-10. Configuring a TimeoutDynamic VLAN Assignment with Port AuthenticationFTOS supports dynamic VLAN assignment when using 802.1X. The basis for VLAN assignment isRADIUS attribute 81, Tunnel-Private-Group-ID. Dynamic VLAN assignment uses the standard dot1xprocedure: 1) the host sends a dot1x packet to the Dell Force10 system, 2) the system forwards a RADIUSREQEST packet containing the host MAC address and ingress port number, and 3) the RADIUS serverauthenticates the request and returns a RADIUS ACCEPT message with the VLAN assignment usingTunnel-Private-Group-ID.In Figure 5-11 shows the configuration on the Dell Force10 system before connecting the end-user devicein black and blue text, and after connecting the device in red text. The blue text corresponds to thepreceding numbered steps on dynamic VLAN assignment with 802.1X.Step Task1 Configure 8021.x globally and at interface level (see Enabling 802.1X on page 77) along with relevant RADIUSserver configurations (Figure 5-11)2 Make the interface a switchport so that it can be assigned to a VLAN.3 Create the VLAN to which the interface will be assigned.4 Connect the supplicant to the port configured for 802.1X.5 Verify that the port has been authorized and placed in the desired VLAN (Figure 5-11, red text).FTOS(conf-if-gi-2/1)#dot1x port-control force-authorizedFTOS(conf-if-gi-2/1)#do show dot1x interface gigabitethernet 2/1802.1x information on Gi 2/1:-----------------------------Dot1x Status: EnablePort Control: FORCE_AUTHORIZEDPort Auth Status: UNAUTHORIZEDRe-Authentication: DisableUntagged VLAN id: NoneGuest VLAN: DisableGuest VLAN id: NONEAuth-Fail VLAN: DisableAuth-Fail VLAN id: NONEAuth-Fail Max-Attempts: NONETx Period: 90 secondsQuiet Period: 120 secondsReAuth Max: 10Supplicant Timeout: 15 secondsServer Timeout: 15 secondsRe-Auth Interval: 7200 secondsMax-EAP-Req: 10Auth Type: SINGLE_HOSTAuth PAE State: InitializeBackend State: InitializeNew Supplicant and Server Timeouts