192.168.0.1
RADIUS
server
Figure 35. VLAN assignment using RADIUS
In the previous figure, the switch has placed the host in the VLAN (vlan2000) based on the
user details of the clients.
The configuration on a RADIUS server for a user logged in as admin is:
•
Tunnel-Type = VLAN (13)
•
Tunnel-Medium-Type = 802
•
Tunnel-Private-Group-ID = 2000
CLI: Assign VLANS Using RADIUS
1.
Create VLAN 2000.
(Netgear Switch) #network protocol none
Changing protocol mode will reset ip configuration.
Are you sure you want to continue? (y/n) y
(Netgear Switch) #network parms 192.168.0.5 255.255.255.0
(Netgear Switch) #vlan database
(Netgear Switch) (Vlan)#vlan 2000
(Netgear Switch) #exit
2.
Enable dot1x authentication on the switch
(Netgear Switch) (Config)#dot1x system-auth-control
3.
Use the RADIUS as the authenticator.
(Netgear Switch) (Config)#aaa authentication dot1x default radius
4.
Enable the switch to accept VLAN assignment by the RADIUS server.
(Netgear Switch) (Config)#authorization network radius
Managed Switches
Host 1/0/12
1/0/6
1/0/5
192.168.0.5
Switch
Security Management
327
1/0/5
vlan2000
192.168.0.3
Host