© Copyright Lenovo 2018
Table 11.
Support for RADIUS Attributes (continued)
# Attribute
81 Tunnel‐Private‐
Group‐ID
79 EAP‐Message
80 Message‐
Authenticator
87 NAS‐Port‐ID
Legend: RADIUS Packet Types: A‐R (Access‐Request), A‐A (Access‐Accept),
A‐C (Access‐Challenge), A‐R (Access‐Reject)
RADIUS Attribute Support:
0
This attribute MUST NOT be present in a packet.
0+
Zero or more instances of this attribute MAY be present in a packet.
0‐1
Zero or one instance of this attribute MAY be present in a packet.
1
Exactly one instance of this attribute MUST be present in a packet.
1+
One or more of these attributes MUST be present.
Attribute Value
VLAN ID (1‐4094). When
802.1X RADIUS VLAN
assignment is enabled on a port,
if the RADIUS server includes
the tunnel attributes defined in
RFC 2868 in the Access‐Accept
packet, the switch will
automatically place the
authenticated port in the
specified VLAN. Reserved
VLANs (such as for
management) may not be
specified. The attribute must be
untagged (the Tag field must
be 0).
Encapsulated EAP packets from
the supplicant to the
authentication server (Radius)
and vice‐versa. The
authenticator relays the
decoded packet to both devices.
Always present whenever an
EAP‐Message attribute is also
included. Used to
integrity‐protect a packet.
Name assigned to the
authenticator port, e.g.
Server1_Port3
Chapter 6: 802.1X Port-Based Network Access Control
A-R
A-A
A-C
A-R
0
0‐1
0
0
1+
1+
1+
1+
1
1
1
1
1
0
0
0
119