Dynamic VLAN Assignment — Indicates whether dynamic VLAN assignment is enabled for this port. This feature allows network administrators to automatically assign users to VLANs during the RADIUS server authentication. When a user is authenticated by the RADIUS server, the user is automatically joined to the VLAN configured on a RADIUS server.

Port Lock and Port Monitor should be disabled when DVA is enabled.

Dynamic VLAN Assignment (DVA) can occur only if a RADIUS server is configured, and port authentication is enabled and set to 802.1x multi-session mode.

If the Radius Accept Message doesn’t contain the supplicant’s VLAN, the supplicant is rejected.

Authenticated ports are added to the supplicant VLAN as untagged.

Authenticated ports remain unauthenticated VLAN and Guest VLAN members. Static VLAN configuration is not applied to the port.

The following list of VLANs cannot participate in DVA: an Unauthenticated VLAN, a Dynamic VLAN that was created by GVRP, a Voice VLAN, a Default VLAN and a Guest VLAN.

Network administrators can delete the supplicant VLAN while the supplicant is logged in. The supplicant is authorized during the next re-authentication if this supplicant VLAN is re-created or a new VLAN is configured on the RADIUS server.

Guest VLAN — If enabled, indicates that unauthorized users connected to this interface can access the Guest VLAN.

Enable — Enables unauthorized users to access the guest VLAN.

Disable — Prevents unauthorized users from accessing the guest VLAN.

Periodic Reauthentication — Reauthenticates the selected port periodically. The reauthentication period is defined in the Reauthentication Period (300-4294967295) field.

Enable — Enables periodic port reauthentication.

Disable — Disables periodic port reauthentication.

Reauthentication Period (300-4294967295) — Indicate the time span in which the selected port is reauthenticated. The field value is seconds. The field default is 3600 seconds.

Reauthenticate Now — Permits immediate port reauthentication.

Checked — Enables immediate port reauthentication.

Disable — Disables immediate port reauthentication.

Authentication Server Timeout (1-65535) — Defines the amount of time that lapses before the device resends a request to the authentication server. The field value is specified in seconds. The field default is 30 seconds.

Resending EAP Identity Request (1-65535) — Defines the amount of time that lapses before EAP request are resent. The field default is 30 seconds.

Quiet Period (0-65535) — Indicates the number of seconds that the device remains in the quiet state following a failed authentication exchange. The possible field range is 0-65535. The field default is 60 seconds.

Configuring Switch Information

265

Page 265
Image 265
Dell 3548 manual 265