Dell PowerSwitch N Series

Supported Models:

  • Dell N Series switches with OS 6
  • Dell N15xx
  • Dell N20xx
  • Dell N30xx
  • Dell N40xx

Unsupported Models:

  • Dell X Series: too few features
  • Dell S and Z Series: currently the MAB feature is missing on OS10.

Configuration

Hint: as soon as you enable dot1x authentication, all ports immediately try to authenticate and shut down if no authentication is possible. This also includes trunk ports. If you are connected remotely (e.g. via SSH), you will be disconnected and will not be able to connect any more.

It is therefore best to disable dot1x authentication on trunk ports first.

For example, for a trunk port on Gi1/0/24:

interface Gi1/0/24
dot1x port-control force-authorized

Global Settings for dot1x

aaa accounting dot1x default start-stop radius
authentication enable
dot1x system-auth-control
aaa authentication dot1x default radius
aaa authorization network default radius
dot1x dynamic-vlan enable
mab request format attribute 1 groupsize 12 separator . lowercase
radius server auth RADIUS_IP_ADDRESS name "xeoxradius" key PRESHAREDKEY

dot1x dynamic-vlan enable is required for dynamic VLAN assignment via XEOX. If you prefer static VLAN assignment at switch/port level, remove this line.

Configuring the Ports

interface Gi1/0/1
dot1x port-control mac-based
dot1x reauthentication
dot1x unauth-vlan 50
mab
authentication order mab
authentication priority mab

dot1x unauth-vlan 50 means that if authentication is rejected, the device is assigned to VLAN 50, e.g. a Guest/Internet-only VLAN.

Full Example of a test Switch

testn3k#show run
!Current Configuration:
!Software Capability "Stack Limit = 8, VLAN Limit = 1024"
!Image File "N3000AdvLitev6.5.4.3"
!System Description "Dell EMC Networking N3024, 6.5.4.3, Linux 3.6.5-e3cd5a07, Not Available"
!System Software Version 6.5.4.3
!
configure
vlan 50,88
exit
vlan 50
name "unauth"
exit
hostname "testn3k"
slot 1/0 1    ! Dell EMC Networking N3024
sntp unicast client enable
sntp server "pool.ntp.org" priority 3
stack
member 1 1    ! N3024
exit
interface vlan 1
ip address 192.168.100.248 255.255.255.0
exit
ip default-gateway 192.168.100.254
aaa accounting dot1x default start-stop radius
authentication enable
dot1x system-auth-control
aaa authentication dot1x default radius
aaa authorization network default radius
dot1x dynamic-vlan enable
mab request format attribute 1 groupsize 12 separator . lowercase
radius server auth 192.168.123.124
name "xeoxradius"
key 7 "XXXXXX"
exit
ip ssh server
application install SupportAssist auto-restart start-on-boot
application install hiveagent start-on-boot
!
interface Gi1/0/1
spanning-tree portfast
switchport mode general
switchport general pvid 50
dot1x port-control mac-based
dot1x reauthentication
dot1x unauth-vlan 50
mab
authentication order mab
authentication priority mab
exit
!
interface Gi1/0/5
spanning-tree portfast
switchport mode general
switchport general pvid 50
dot1x port-control mac-based
dot1x reauthentication
dot1x unauth-vlan 50
mab
authentication order mab
authentication priority mab
exit
!
interface Gi1/0/24
switchport mode general
switchport general allowed vlan add 88 tagged
switchport general allowed vlan add 1 tagged
dot1x port-control force-authorized
exit
snmp-server engineid local 800xxxxb9796
exit

testn3k#
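
A pre-check for the lockout described in the hint above, meant to be run over a saved show run before dot1x system-auth-control is enabled. This is an added example, not part of the original page or of any Dell or XEOX tooling. It assumes that a port carrying tagged VLANs is an uplink and that physical ports are named like Gi1/0/24; the sample configuration is constructed.

```python
import re

# Constructed sample in the style of the page's test switch, with two deliberate
# gaps: Gi1/0/5 lacks "mab" and the uplink Gi1/0/24 is not force-authorized.
SAMPLE = """\
interface vlan 1
exit
interface Gi1/0/1
dot1x port-control mac-based
mab
exit
interface Gi1/0/5
dot1x port-control mac-based
exit
interface Gi1/0/24
switchport general allowed vlan add 88 tagged
exit
"""

def parse_interfaces(config):
    """Map each physical interface name to the lines of its config block."""
    blocks, current = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith("interface "):
            # Assumption: physical ports are named Gi/Te/Tw/Fo<unit>/<slot>/<port>.
            m = re.fullmatch(r"interface ((?:Gi|Te|Tw|Fo)\d+/\d+/\d+)", line)
            current = blocks.setdefault(m.group(1), []) if m else None
        elif line == "exit":
            current = None
        elif current is not None and line and not line.startswith("!"):
            current.append(line)
    return blocks

def audit(config):
    """Return sorted (interface, finding) pairs; an empty list means no gaps."""
    findings = []
    for name, lines in parse_interfaces(config).items():
        control = next((l.split()[-1] for l in lines
                        if l.startswith("dot1x port-control ")), None)
        # Assumption: a port carrying tagged VLANs is a trunk/uplink.
        uplink = any(l.endswith(" tagged") for l in lines)
        if uplink and control != "force-authorized":
            findings.append((name, "uplink not force-authorized"))
        if control == "mac-based" and "mab" not in lines:
            findings.append((name, "mac-based without mab"))
    return sorted(findings)

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

Run against the full example above, audit() returns an empty list, because Gi1/0/24 is force-authorized and both access ports have mab configured.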