H3C s3100 series Command Manual page 421

The dynamic VLAN assignment feature enables a switch to add the ports of successfully
authenticated users to different VLANs according to the attributes assigned by the RADIUS server, so
as to control the network resources that different users can access.
To use this feature together with Guest VLAN, it is recommended that you set port control to
port-based mode.
Currently, the switch supports the following two types of assigned VLAN IDs: integer and string.
Integer: If the RADIUS authentication server assigns integer VLAN IDs, you can set the
VLAN assignment mode to integer on the switch (this is also the default mode on the switch). Then,
upon receiving an integer ID assigned by the RADIUS authentication server, the switch adds the
port to the VLAN whose VLAN ID is equal to the assigned integer ID. If no such VLAN exists, the
switch first creates a VLAN with the assigned ID, and then adds the port to the newly created
VLAN.
String: If the RADIUS authentication server assigns string VLAN IDs, you can set the VLAN
assignment mode to string on the switch. Then, upon receiving a string ID assigned by the RADIUS
authentication server, the switch compares the ID with the existing VLAN names on the switch. If it
finds a match, it adds the port to the corresponding VLAN. Otherwise, the VLAN assignment fails
and the user fails the authentication.
The switch supports two dynamic VLAN assignment modes to adapt to different authentication servers.
It is recommended that you configure the switch according to the dynamic VLAN assignment mode used
by the server.
Table 1-4 lists several commonly used RADIUS servers and their dynamic VLAN assignment modes.
Table 1-4 Commonly used servers and their dynamic VLAN assignment modes

| Server | Dynamic VLAN assignment mode |
| --- | --- |
| CAMS | Integer. For the latest CAMS version, you can determine the assignment mode by attribute value. |
| ACS | String |
| FreeRADIUS | You can determine the assignment mode by attribute value (for example, 100 is integer; "100" is string). |
| Shiva Access Manager | String |
| Steel-Belted Radius Administrator | String |

In string mode, if the VLAN ID assigned by the RADIUS server is a character string containing only
digits (for example, 1024), the switch first regards it as an integer VLAN ID: the switch converts the
string to an integer value and checks whether the value is in the valid VLAN ID range; if it is, the switch adds the
authenticated port to the VLAN with the value as the VLAN ID (VLAN 1024, for example).
Related commands: name.
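
The assignment rules above can be checked against a planned RADIUS policy before it is deployed. The following Python model is an added example, not code from H3C or from this manual; the names resolve_vlan and audit, the 1 to 4094 ID range, exact-match name comparison and the sample VLAN table are assumptions made for illustration.

```python
# Added example: a model of the assignment rules described above, not H3C code.
VLAN_MIN, VLAN_MAX = 1, 4094  # assumed "valid VLAN ID range" (802.1Q usable IDs)

def resolve_vlan(mode, assigned, vlans):
    """Return (vlan_id, matched_by, exists) for a RADIUS-assigned value.

    vlans: {vlan_id: vlan_name} as configured on the switch (constructed input).
    matched_by: "id", "name", or None when the assignment (and the user) fails.
    """
    text = str(assigned)
    numeric = text.isascii() and text.isdigit() and VLAN_MIN <= int(text) <= VLAN_MAX
    if mode == "integer":
        if not numeric:
            raise ValueError("page does not describe this input in integer mode")
        vid = int(text)
        return vid, "id", vid in vlans   # exists=False: the switch creates the VLAN
    if mode != "string":
        raise ValueError("mode must be 'integer' or 'string'")
    if numeric:
        # Digits-only string: tried as a VLAN ID before any name comparison.
        vid = int(text)
        return vid, "id", vid in vlans   # page does not say what happens if missing
    for vid, name in vlans.items():      # exact-match comparison is an assumption
        if name == text:
            return vid, "name", True
    return None, None, False             # assignment fails, user fails authentication

def audit(mode, policy, vlans):
    """List surprises for a planned {user: assigned_value} RADIUS policy."""
    by_name = {name: vid for vid, name in vlans.items()}
    findings = []
    for user, value in policy.items():
        vid, how, exists = resolve_vlan(mode, value, vlans)
        if how is None:
            findings.append(f"{user}: '{value}' matches no VLAN name, authentication fails")
        elif not exists:
            findings.append(f"{user}: VLAN {vid} is not configured on the switch")
        elif how == "id" and by_name.get(str(value), vid) != vid:
            findings.append(f"{user}: '{value}' selects VLAN ID {vid}, "
                            f"not the VLAN named '{value}' (ID {by_name[str(value)]})")
    return findings

# Constructed sample data: VLAN 30 is deliberately named "1024".
SWITCH_VLANS = {10: "staff", 20: "guest", 30: "1024", 1024: "lab"}
POLICY = {"alice": "staff", "bob": "1024", "carol": "contractors", "dave": "200"}
```

Calling audit("string", POLICY, SWITCH_VLANS) flags bob (the digits-only string lands in VLAN ID 1024 rather than the VLAN named "1024"), carol (no matching name) and dave (VLAN 200 is not configured).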