3Com 4210 PWR Configuration Manual page 251

c
Configuring the
Attributes of a Local
User
Integer: If the RADIUS authentication server assigns integer type of VLAN IDs,
■
you can set the VLAN assignment mode to integer on the switch (this is also
the default mode on the switch). Then, upon receiving an integer ID assigned
by the RADIUS authentication server, the switch adds the port to the VLAN
whose VLAN ID is equal to the assigned integer ID. If no such a VLAN exists, the
switch first creates a VLAN with the assigned ID, and then adds the port to the
newly created VLAN.
String: If the RADIUS authentication server assigns string type of VLAN IDs, you
■
can set the VLAN assignment mode to string on the switch. Then, upon
receiving a string ID assigned by the RADIUS authentication server, the switch
compares the ID with existing VLAN names on the switch. If it finds a match, it
adds the port to the corresponding VLAN. Otherwise, the VLAN assignment
fails and the user fails the authentication.
In actual applications, to use this feature together with Guest VLAN, you should
better set port control to port-based mode. For more information, refer to "802.1x
Configuration" on page 211.
Table 185 Configure dynamic VLAN assignment
Operation
Enter system view
Create an ISP domain and
enter its view
Set the VLAN assignment
mode
Create a VLAN and enter its
view
Set a VLAN name for VLAN
assignment
CAUTION:
In string mode, if the VLAN ID assigned by the RADIUS server is a character
■
string containing only digits (for example, 1024), the switch first regards it as
an integer VLAN ID: the switch transforms the string to an integer value and
judges if the value is in the valid VLAN ID range; if it is, the switch adds the
authenticated port to the VLAN with the integer value as the VLAN ID (VLAN
1024, for example).
To implement dynamic VLAN assignment on a port where both MSTP and
■
802.1x are enabled, you must set the MSTP port to an edge port.
When local scheme is chosen as the AAA scheme, you should create local users
on the switch and configure the relevant attributes.
The local users are users set on the switch, with each user uniquely identified by a
user name. To make a user who is requesting network service pass local
authentication, you should add an entry in the local user database on the switch
for the user.
AAA Configuration Task List
Command
system-view
domain isp-name
vlan-assignment-mode {
integer | string }
vlan vlan-id
name string
249
Remarks
-
-
Optional
By default, the VLAN
assignment mode is integer.
-
This operation is required if
the VLAN assignment mode is
set to string.