Assigning Vlans With Tunnel Attributes; Viewing A List Of Authorized Mac Addresses - Siemens RUGGEDCOM ROS User Manual

Hide thumbs Also See for RUGGEDCOM ROS:

User manual (188 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

Table of Contents

Chapter 5

Setup and Configuration

Section 5.10.1.4

Assigning VLANS with Tunnel Attributes

ROS supports assigning a VLAN to the authorized port using tunnel attributes, as defined in

tools.ietf.org/html/rfc3580], when the Port Security mode is set to 802.1x or 802.1x/MAC-Auth.

In some cases, it may be desirable to allow a port to be placed into a particular VLAN, based on the

authentication result. For example:

• To allow a particular device, based on its MAC address, to remain on the same VLAN as it moves within a

network, configure the switches for 802.1X/MAC-Auth mode

• To allow a particular user, based on the user's login credentials, to remain on the same VLAN when the user

logs in from different locations, configure the switches for 802.1X mode

If the RADIUS server wants to use this feature, it indicates the desired VLAN by including tunnel attributes in the

Access-Accept message. The RADIUS server uses the following tunnel attributes for VLAN assignment:

• Tunnel-Type=VLAN (13)

• Tunnel-Medium-Type=802

• Tunnel-Private-Group-ID=VLANID

Note that VLANID is 12-bits and takes a value between 1 and 4094, inclusive. The Tunnel-Private-Group-ID is

a string as defined in

string.

If the tunnel attributes are not returned by the authentication server, the VLAN assigned to the switch port

remains unchanged.

Section 5.10.2

Viewing a List of Authorized MAC Addresses

To view a list of static MAC addresses learned from secure ports, navigate to Port Security » View Authorized

MAC Addresses. The Authorized MAC Addresses table appears.

NOTE

Only MAC addresses authorized on a static MAC port(s) are shown. MAC addresses authorized with

IEEE 802.1X are not shown.

Figure 165: Authorized MAC Addresses Table

This table displays the following information:

Parameter

Port

MAC Address

218

RFC 2868

[http://tools.ietf.org/html/rfc2868], so the VLANID integer value is encoded as a

Description

Synopsis: 1 to maximum port number

Port on which MAC address has been learned.

Synopsis: ##-##-##-##-##-## where ## ranges 0 to FF

RUGGEDCOM ROS

RFC 3580

Assigning VLANS with Tunnel Attributes

User Guide

[http://

Table of Contents

Show Quick Links

Quick Links:
Cli Command Syntax

Hide quick links:

Table of Contents

Assigning Vlans With Tunnel Attributes; Viewing A List Of Authorized Mac Addresses - Siemens RUGGEDCOM ROS User Manual

Assigning VLANS with Tunnel Attributes

Viewing a List of Authorized MAC Addresses

Hide quick links:

Related Manuals for Siemens RUGGEDCOM ROS

Related Content for Siemens RUGGEDCOM ROS

Table of Contents