Configure Dynamic Smart Ports

Configure 802.1X for DPIFs

You configure 802.1X for a DPIF by associating the DPIF with a dynamic port profile. The dynamic port profile, which resides on the RADIUS server, contains new 802.1X settings. When an SD-LAN device contacts a RADIUS server for port authentication, the RADIUS server returns this dynamic port profile. The 802.1X settings in the dynamic port profile overwrite the settings that were initially configured on the base Ethernet port. 

The dynamic profile names may correspond to devices that require separate DPIF settings to be applied to the port. In this case, create separate DPIFs for these dynamic profile names, and then select the appropriate DPIF when configuring the 802.1X settings.

To add 802.1X settings for dynamic profile names:

1. In Director view, select the Administration tab in the top menu bar and then select an appliance in the main pane. The view changes to Appliance view.
2. Select Configuration in the top menu bar.
3. Select an organization from the drop-down menu and then select the dot1x tab in the main pane.
4. Click Edit. The following screen displays.
   
   
    
5. Enter information for the following fields.
    

   Field	Description
   Authentication Profile	Select the name of the 802.1X authentication profile that you configured in Configure Access to the RADIUS Server.
   Interface Name	Select a DPIF interface name.
   Supplicant	Select the supplicant type: Single - Authenticate only the first end device. All other end devices that connect to the port later are allowed access without any further authentication. Single Secure - Allow only one end device to connect to the port at a time. No other end device can connect until the first device logs out.​ Multiple - Allow multiple end devices to connect to the port. Each end device is authenticated individually. You can configure multiple mode only on bridge interfaces that are in trunk mode. Multiple Secure - Allows one end device to be connected in the voice VLAN and one in the authentication VLAN. Any additional devices are placed in the guest VLAN.
   Enable Dynamic VLAN	Check to enable dynamic assignment of VLANs based on the interface's 802.1X authentication.
   Enable Radius Dynamic VLAN	Check to enable Radius dynamic VLAN, in which VLAN assignment is done based on the response from the RADIUS authentication server.
   Dynamic Profile Name	Enter the name of the dynamic profile that you configured in the Authorization section on the RADIUS server. Note: The dynamic profile name in the dot1x authorization profile must match the name of the authorization profile configured on the RADIUS server. For information about creating an authorization profile, see the documentation for the RADIUS server.

6. For the remaining fields, enter values as described in Configure 802.1X Authentication Control in Configure IEEE 802.1X Device Authentication.
7. Click the + Add icon to add an entry for the dynamic profile name to the table.
8. Click OK.

Configure LLDP for DPIFs

You can provide LLDP functionality to a DPIF by selecting a DPIF interface when configuring an LLDP interface. 

1. Go to Configuration > Networking > LLDP. The following screen displays.
   
   
    
2. Click the Edit icon. In the Edit LLDP screen, enter information for the following fields.
   
   
    

   Field	Description
   Advertisement Interval	Enter the time interval for sending LLDP BPDUs. Range: 5 through 32768 seconds Default: 30 seconds
   Hold Multiplier	Enter a value for the LLDP hold multiplier. The hold multiplier is how long to cache information learned about neighbors before discarding it. If the device does not receive an LLDP packet from a connected device during the hold multiplier time, it removes the device from the neighbor information. Range: 2 to 10 Default: 4
   LLDP Enable	Click to enable LLDP.

   
    
3. Click the  Add icon. In the Create LLDP screen, enter information for the following fields.
   
   
    

   Field	Description
   Interface	Select a DPIF interface from the list.
   Disable	Click to disable the selected interface.
   Disable Transmit	Click to disable transmitting from the selected interface.
   Disable Receive	Click to disable receiving on the selected interface.
   Network Policy (Group of Fields)
   Voice (Group of Fields)
   L2 Priority	Enter the L2 voice priority value.  Range: 0 through 8 Default: None
   DSCP-Priority	Enter the DSCP priority value.  Range: 0 through 63 Default: None
   Tagging	Select a voice tagging. The options are: Tagged Untagged
   Vlan-ID	Enter a voice VLAN ID.  Range: 0 through 4094 Default: None
   Voice Signaling (Group of Fields)
   L2 Priority	Enter the L2 voice signaling priority value.  Range: 0 through 8 Default: None
   DSCP-Priority	Enter the voice signaling DSCP priority value.  Range: 0 through 63 Default: None
   Tagging	Select a voice signaling tagging. The options are: Tagged Untagged
   Vlan-ID	Enter a voice signaling VLAN ID.  Range: 0 through 4094 Default: None

4. Select the Location tab, then enter information for the following screens. For more information about the Civic Address options, see RFC 4776. 
   
    
    

   Field	Description
   Location (Group of Fields)
   Civic Address (Group of Fields)
   Additional	Enter additional Civic Address location information, if needed.
   Additional Code Information	Enter additional code information, for example, 13203000003.
   Block	Enter a block or neighborhood, if needed.
   Branch Road Name	Enter the name or identifier of a road or street that intersects or is associated with a primary road, for example, Lane 7.
   Building	Enter the name of a building or structure, for example, Public Library
   City	Enter a city name.
   City Division	Enter a city division, for example, borough, city district, ward.Enter
   Country	Enter a country name.
   County	Enter a county name.
   Direction	Enter a directional indicator, for example, N, S, E, W.
   Floor	Enter the floor number, for example, 7.
   Landmark	Enter a nearby landmark, for example, Columbia University.
   Language	Enter the language used for presenting the address information.
   Name	Enter the name of the residence or office occupant, for example, Joe's Barbershop.
   Number	Enter the street number of the residence, for example, 123.
   Number Suffix	Enter a modifier to a street address, for example, A or 1/2. The suffix does not identify parts of a street address.
   Place Type	Enter they type of place, for example, Office.
   Postal Group Name	Enter a postal group name, if needed.
   Primary Road Name	Enter the road or street name associated with the address.
   Room	Enter the room number, for example, 450F.
   Seat	Enter the seat number, for example, 181.
   State	Enter the name of the state.
   Street	Enter the street name.
   Street Suffix	Enter a street suffix, for example, Avenue or Platz.
   Trailing Street Prefix	Enter a trailing street prefix, such as SW or NE.
   Unit	Enter a unit number, for example, Apartment 22 or Suite B.
   Zip	Enter a postal Zip code, for example, 10027-1234.
   Coordinate Based (Group of Fields)
   Altitude	Enter the altitude number. The value range is from –1000 through 10000.
   Latitude	Enter the latitude number. The value range is from –180 through 180.
   Longitude	Enter the longitude number. The value range is from –90 through 90.
   Altitude-Type	Select the altitude type. The options are: Unknown Meters Floors
   Coordinate System	Select a coordinate system to use. The options are: Local NAD83 Untagged
   ELIN	Enter the Emergency Location Identification Number (ELIN). The range is from 10 through 31.

5. Click OK.

admin@device$ cli
admin@device> show interfaces detail enet-0/10

Interface: enet-0/10 Tenant 0
    Vlan-Id : n/a
    Inner-vlan-id : n/a
    Administrative status : up
    Operational status : up
    Protocols Down : n/a
    Interface index 1074
    Interface Role : external
    MAC address : ac:43:30:f8:f2:a0
    IP address : n/a
    Dynamic profile : EAP_4000