Siemens SCALANCE XM-400 Configuration Manual page 461
Industrial ethernet switches
Hide thumbs
Also See for SCALANCE XM-400:
- Configuration manual (960 pages) ,
- Operating instructions manual (80 pages) ,
- Instructions manual (60 pages)
Table of Contents
Advertisement
● Adopt RADIUS VLAN Assignment
The RADIUS server informs the IE switch of the VLAN to which the port will belong. Enable
this option if you want the information of the server to be taken into account.
The port can only be assigned to the VLAN, if the VLAN has been created on the device.
Otherwise Authentication (Page 441) is rejected.
If during authentication a port is assigned to a VLAN dynamically using this function,
assignment using the VLAN-ID or the VLAN name is possible. Configure the following
values on the RADIUS server:
– Tunnel-Type = VLAN
– Tunnel-Medium-Type = IEEE-802
– Tunnel-Private-Group-Id = VLAN-ID or VLAN-Name
The IE switch distinguishes as follows:
– VLAN ID: The RADIUS server transfers a numeric string for the parameter "Tunnel-
– VLAN-Name: The RADIUS server transfers an alphanumeric string for the parameter
● MAC Auth. Max Permitted Addresses
– 1 - 100
– 0
● Guest VLAN
Enable this option if you want the end device to be permitted in the guest VLAN if
authentication fails.
The port can only be assigned to the VLAN, if the VLAN has been created on the device.
Otherwise Authentication (Page 441) is rejected.
This function is also known as "Authentication failed VLAN".
● Guest VLAN ID
Enter the VLAN ID of the guest VLANs.
SCALANCE XM-400/XR-500 Web Based Management (WBM)
Configuration Manual, 05/2017, C79000-G8976-C248-12
Private-Group-Id".
"Tunnel-Private-Group-Id".
Specify how many MAC addresses can communicate on the port at the same time.
Note
If a device uses several MAC addresses, all MAC addresses must be authenticated.
Store all the MAC addresses to be authenticated on the RADIUS server. Enter the
number in the "MAC Auth. Max Permitted Addresses" box.
You can set the value "0". This setting has the effect that after the first successful
authentication of a MAC address, the port is released for all MAC addresses.
Use case
If you configure the value "0" for a port. connect this port to a WLAN access point. After
the AP has authenticated itself successfully, all MAC addresses are released on this
port. All WLAN clients connected to the AP can communicate on the port without their
own authentication. Make sure that the the clients are authenticated by the AP.
Firmware compatibility
In firmware versions < 6.0.2 the value "0" is not a valid entry.
If you configure the value "0" with the firmware version 6.0.2 and copy a firmware version
<6.0.2 to the device, the function MAC authentication is deactivated on the relevant
ports. Reconfigure the MAC authentication on these ports:
Configuring with Web Based Management
5.8 The "Security" menu
461
Advertisement
Table of Contents
