NETGEAR ProSafe GSM5212P Software Administration Manual page 263

ProSafe Managed Switch
• After a port is in an authorized state, if any client initiates dot1x authentication, the port
clears authenticated clients' states, and in the process clears the VLAN assigned to the
port (if any). Then the port continues with the new client authentication and authorization
process.
• When a client authenticates itself initially on the network, the switch acts as the
authenticator to the clients on the network and forwards the authentication request to the
RADIUS server in the network.
For use in VLAN assignment, the following tunnel attributes are used:
• Tunnel-Type = VLAN (13)
• Tunnel-Medium-Type = 802
• Tunnel-Private-Group-ID = VLANID where VLANID is 12 bits, with a value between 1 and
4094.
192.168.0.1
RADIUS
server
Figure 29. VLAN assignment using RADIUS
In the previous figure, the switch has placed the host in the VLAN (vlan2000) based on the
user details of the clients.
The configureation on a RADIUS server for a user logged in as admin is:
• Tunnel-Type = VLAN (13)
• Tunnel-Medium-Type = 802
• Tunnel-Private-Group-ID = 2000
CLI: Assign VLANS Using RADIUS
1. Create VLAN 2000.
(Netgear Switch) #network protocol none
Changing protocol mode will reset ip configuration.
Are you sure you want to continue? (y/n) y
(Netgear Switch) #network parms 192.168.0.5 255.255.255.0
(Netgear Switch) #vlan database
(Netgear Switch) (Vlan)#vlan 2000
(Netgear Switch) #exit
Host 1/0/12
1/0/6
1/0/5
192.168.0.5
Switch
1/0/5
vlan2000
Chapter 15. Security Management
192.168.0.3
Host
| 263