Dell PowerConnect 55xx Systems User Guide 129Dynamic VLAN Assignment (DVA)Dynamic VLAN Assignment (DVA) is also referred to as RADIUS VLANAssignment in this guide. When a port is in Multiple Session mode and isDVA-enabled, the switch automatically adds the port as an untagged memberof the VLAN that is assigned by the RADIUS server during the authenticationprocess. The switch classifies untagged packets to the assigned VLAN if thepackets originated from the devices or ports that are authenticated andauthorized.For a device to be authenticated and authorized at a DVA-enabled port:• The RADIUS server must authenticate the device and dynamically assigna VLAN to the device.• The assigned VLAN must not be the default VLAN and must have beencreated on the switch.• The switch must not be configured to use both a DVA and a MAC-basedVLAN group.• A RADIUS server must support DVA with RADIUS attributes tunnel-type(64) = VLAN (13), tunnel-media-type (65) = 802 (6), and tunnel-private-group-id = a VLAN ID.Dynamic Policy/ACL AssignmentThe Dynamic Policy/ACL Assignment feature enables specifying a user-defined ACL or policy in the RADIUS server. After a successfulauthentication, the user is assigned that ACL.Authentication MethodsThe possible authentication methods are:• Dot1x — The switch supports this authentication mechanism, asdescribed in the standard, to authenticate and authorize Dot1xsupplicants.• MAC-based — The switch can be configured to use this method toauthenticate and authorize devices that do not support Dot1x. The switchemulates the supplicant role on behalf of the non-Dot1x-capable devices,and uses the MAC address of the devices as the username and password,when communicating with the RADIUS servers. MAC addresses for
