D-Link xStack DGS-3620 Reference Manual page 1331

xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide
If the user has configured the VLAN attribute of the RADIUS server (for example, VID 3) and the
802.1X, or MAC-based Access Control, or WAC/JWAC authentication is successful, the port will
be assigned to VLAN 3. However if the user does not configure the VLAN attributes, when the port
is not guest VLAN member, it will be kept in its current authentication VLAN, and when the port is
guest VLAN member, it will be assigned to its original VLAN.
To assign ACL by RADIUS Server, the proper parameters should be configured on the RADIUS
Server. The table below shows the parameters for an ACL.
The parameters of the Vendor-Specific Attribute are:
RADIUS Tunnel Attribute Description
Vendor-ID
Vendor-Type
Attribute-Specific Field
If the user has configured the ACL attribute of the RADIUS server (for example, ACL profile:
create access_profile ethernet vlan 0xFFF profile_id 100; ACL rule: config access_profile
profile_id 100 add access_id auto_assign ethernet), and the 802.1X or MAC-based Access
Control, WAC or JWAC authentication is successful, the device will assign the ACL profiles and
rules according to the RADIUS server. For more information about the ACL module, please refer to
the 'Access Control List (ACL) Commands' section.
and check if there is one matched.
2. If the switch can find one
matched, it will move to that VLAN.
3. If the switch can not find the
matched VLAN ID, it will think the
VLAN setting string as a "VLAN
Name".
4. Then it will check that it can find
out a matched VLAN Name.
Defines the vendor.
Defines the attribute.
Used to assign the ACL
profile or rule.
Value
171 (DLINK)
12 (for ACL profile)
13 (for ACL rule)
ACL Command
For example:
ACL profile: create
access_profile
ethernet vlan 0xFFF
profile_id 100;
ACL rule: config
access_profile
profile_id 100 add
access_id
auto_assign ethernet
vlan_id default port
all deny;
1326
Usage
Required
Required
Required