Nortel business policy switch 2000 User Manual page 82

82 Chapter 1 The Business Policy Switch 2000
EAPOL dynamic VLAN assignment
If EAPOL-based security is enabled on a port, and then the port is authorized, the
EAPOL feature dynamically changes the port's VLAN configuration according to
preconfigured values, and assigns a new VLAN. The new VLAN configuration
values are applied according to previously stored parameters (based on the
user_id) in the Authentication server.
The following VLAN configuration values are affected:
• Port membership
• PVID
• Port priority
When the EAPOL-based security is disabled on a port that was previously
authorized, the port's VLAN configuration values are restored directly from the
switch's non-volatile random access memory (NVRAM).
The following exceptions apply to dynamic VLAN assignments:
• The dynamic VLAN configuration values assigned by EAPOL are not stored
in the switch's NVRAM.
• You can override the dynamic VLAN configuration values assigned by
EAPOL; however, be aware that the values you configure are not stored in
NVRAM.
• When EAPOL is enabled on a port, and you configure values other than
VLAN configuration values, those values are applied and stored in NVRAM.
You set up your Authentication server (RADIUS server) for EAPOL dynamic
VLAN assignments. The Authentication server allows you to configure
user-specific settings for VLAN memberships and port priority.
When you log on to a system that has been configured for EAPOL authentication,
the Authentication server recognizes your user ID and notifies the switch to assign
preconfigured (user-specific) VLAN membership and port priorities to the switch.
The configuration settings are based on configuration parameters that were
customized for your user ID and previously stored on the Authentication server.
To set up the Authentication server, set the following "Return List" attributes for
all user configurations (refer to your Authentication server documentation):
208700-C