IBM RackSwitch G8000 Application Manual page 79

© Copyright IBM Corp. 2011
Table 7. Support for RADIUS Attributes (continued)
# Attribute
81 Tunnel-Private-
Group-ID
79 EAP-Message
80 Message-
Authenticator
87 NAS-Port-ID
Legend: RADIUS Packet Types: A-R (Access-Request), A-A (Access-Accept),
A-C (Access-Challenge), A-R (Access-Reject)
RADIUS Attribute Support:
• 0 This attribute MUST NOT be present in a packet.
• 0+ Zero or more instances of this attribute MAY be present in a packet.
• 0-1 Zero or one instance of this attribute MAY be present in a packet.
• 1 Exactly one instance of this attribute MUST be present in a packet.
• 1+ One or more of these attributes MUST be present.
Attribute Value
VLAN ID (1-4094). When 802.1X
RADIUS VLAN assignment is
enabled on a port, if the RADIUS
server includes the tunnel attributes
defined in RFC 2868 in the
Access-Accept packet, the switch
will automatically place the
authenticated port in the specified
VLAN. Reserved VLANs (such as
for management or stacking) may
not be specified. The attribute must
be untagged (the Tag field must
be 0).
Encapsulated EAP packets from the
supplicant to the authentication
server (Radius) and vice-versa. The
authenticator relays the decoded
packet to both devices.
Always present whenever an
EAP-Message attribute is also
included. Used to integrity-protect a
packet.
Name assigned to the authenticator
port, e.g. Server1_Port3
Chapter 6. 802.1X Port-Based Network Access Control
A-R A-A A-C A-R
0 0-1 0 0
1+ 1+ 1+ 1+
1 1 1 1
1 0 0 0
77