Dell PowerConnect M6220 Configuration Guide - Page 90

Define the VLAN before configuring an interface to use it as the guest VLAN. console#configure console(config)#interface ethernet 1/g20 console(config-if-1/g20)#dot1x guest-vlan 100 console(config-if-1/g20)# console#show dot1x advanced ethernet 1/g20 Port --------1/g20 Guest VLAN --------- 100 Authentication Server Filter Assignment The PowerConnect 6200 Series switches allow the external 802.1X Authenticator or RADIUS server to assign DiffServ policies to users that authenticate to the switch. When a host (supplicant) attempts to connect to the network through a port, the switch contacts the 802.1X authenticator or RADIUS server, which then provides information to the switch about which DiffServ policy to assign the host (supplicant). The application of the policy is applied to the host after the authentication process has completed. To enable filter assignment by an external server, the following conditions must be true: 1 The port that the host is connected to must be enabled for MAC-based port access control by using the following command in Interface Config mode: dot1x port-control mac-based 2 The RADIUS or 802.1X server must specify the policy to assign. For example, if the DiffServ policy to assign is named internet_access, include the following attribute in the RADIUS or 802.1X server configuration: Filter-id = "internet_access" 3 The DiffServ policy specified in the attribute must already be configured on the switch, and the policy names must be identical. For information about configuring a DiffServ policy, see "Differentiated Services" on page 113. The section, "Example #1: DiffServ Inbound Configuration" on page 114," describes how to configure a policy named internet_access. NOTE: If the policy specified within the server attribute does not exist on the switch, authentication will fail. Access Control Lists (ACLs) This section describes the Access Control Lists (ACLs) feature. 90 Device Security