Table of Contents
Advertisement
17
315
Authentication
page. This enables the host to be bridged according to static
configuration.
•
A RADIUS server must support DVA with RADIUS attributes tunnel-type (64) =
VLAN (13), tunnel-media-type (65) = 802 (6), and tunnel-private-group-id = a VLAN
ID.
If the tunnel-private-group ID attribute is provided as a VLAN name, the VLAN with this
name most be statically configured on the device. If a VLAN ID (2-4094) is used in this
attribute, after a supplicant is authenticated, the VLAN will be created dynamically.
When the RADIUS-Assigned VLAN feature is enabled, the host modes behave as follows:
•
Single-Host and Multi-Host Mode
Untagged traffic and tagged traffic belonging to the RADIUS-assigned VLAN are
bridged via this VLAN. All other traffic not belonging to unauthenticated VLANs is
discarded.
•
Multi-Sessions Mode
Untagged traffic and tagged traffic not belonging to the unauthenticated VLANs
arriving from the client are assigned to the RADIUS-assigned VLAN using TCAM
rules and are bridged via the VLAN.
The following table describes guest VLAN and RADIUS VLAN Assignment support
depending on authentication method and port mode.
RADIUS VLAN Assignment Support
Authentication
Single-host
Method
802.1x
MAC
WEB
Legend:
†—The port mode supports the guest VLAN and RADIUS-VLAN assignment
N/S—The port mode does not support the authentication method.
Cisco Sx350, SG350X, SG350XG, Sx550X & SG550XG Series Managed Switches, Firmware Release 2.2.5.x
Multi-host
†
†
†
†
N/S
N/S
Security: 802.1X Authentication
Multi-sessions
†
†
N/S
Overview
Hide quick links:
Advertisement
Table of Contents
