Dynamic Vlan Assignment; Configuring Dynamic Vlan Assignment; Configuration Example For Dynamic Vlan Assignment - 3Com 5500-SI Configuration Manual
5500 series
Hide thumbs
Also See for 5500-SI:
- Datasheet (9 pages) ,
- Getting started manual (148 pages) ,
- Quick reference manual (59 pages)
Table of Contents
Advertisement
Dynamic VLAN
Assignment
Configuring Dynamic
VLAN Assignment
Configuration Example
for Dynamic VLAN
Assignment
Through dynamic VLAN assignment, the Ethernet switch dynamically adds the ports
of the successfully authenticated users to different VLANs depending on the attribute
values assigned by RADIUS server, so as to control the network resources the users
can access.
Currently, the switch supports the following two data types of VLAN IDs assigned by
RADIUS authentication server:
Integer: The switch adds the port to a VLAN depending on the integer type of
■
VLAN ID assigned by the RADIUS authentication server. If the VLAN does not exist,
the switch creates the VLAN, and then adds the port to the new VLAN.
String: The switch compares the character string type of VLAN ID assigned by the
■
RADIUS authentication server with the existing VLAN names on it. If the switch
finds a match, it adds the port to the corresponding VLAN; otherwise the VLAN
assignment fails and the user fails to pass the authentication.
In actual application, to co-operate with Guest VLAN, port control is usually set to the
port-based mode. If it is set to the MAC address-based mode, each port can have
only one user end connected.
Configure dynamic VLAN assignment
Operation
Enter system view
Create an ISP domain and
enter its view
Set the VLAN assignment
mode to integer
Set the VLAN assignment
mode to string
Create a VLAN and enter its
view
Set a name for the assigned
VLAN
In string mode, if the VLAN name assigned by the RADIUS server is a string that
contains only digital characters (for example, 1024) and the string can be transformed
to an integer number in the valid VLAN range, the switch transforms this string to an
integer number and adds the authenticated port to the VLAN whose ID is this number
(VLAN 1024, for example).
If you want to implement the dynamic VLAN assignment function on a port where
both MSTP multi-instance and 802.1x is enabled, you must set the MSTP port to an
edge port.
Network requirements
The RADIUS authentication server (in this example, a Windows IAS server) assigns
■
a string type of VLAN ID (test).
The VLAN name corresponding to this assigned VLAN ID is vlan 100.
■
It is required that the switch adds the port to vlan 100 when test is assigned by the
■
RADIUS server.
Command
system-view
domain isp-name
vlan-assignment-mode
integer
vlan-assignment-mode string
vlan vlan_id
name string
Dynamic VLAN Assignment 417
Description
—
—
By default, this mode is integer.
You must perform one of the two
operations (this one and the
above one)
—
This operation is required when
the VLAN assignment mode is set
to string.
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
