When a user successfully authenticates to the network, the RADIUS server returns an Access‐Accept
frame. This frame can have many attributes, two of which are a Filter ID (which is how
policy assignment is achieved) and RFC 3580 VLAN assignment.
If a switch is in tunnel mode:
• The FID (Filter ID) is always ignored, but Default policy rules still apply.
• The VLAN attribute is used if present, and if VLAN authorization is enabled. See "set vlanauthorization" on page 23‐47.
If a switch is in policy mode:
• If the Access‐Accept frame has the FID attribute only, then the FID is used.
• If the Access‐Accept frame has the VLAN attribute only, then it is used provided that VLAN authorization is enabled. See "set vlanauthorization" on page 23‐47.
• If both attributes are returned, use the FID only.
Examples
This example shows how to set the policy maptable response to tunnel:
C2(rw)-> set policy maptable response tunnel
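The rules above can be checked against a RADIUS server's replies before rollout, so that a VLAN or policy assignment that the switch would ignore is caught early. The following Python sketch is an added example, not code from this guide or from the switch firmware; the names `resolve`, `rfc3580_vlan`, `Outcome` and the sample attribute values are hypothetical. It assumes the VLAN attribute counts as present only when the full RFC 3580 set (Tunnel-Type=VLAN, Tunnel-Medium-Type=802, Tunnel-Private-Group-ID) is returned.

```python
# Added example: models the Access-Accept rules above (names are hypothetical).
from dataclasses import dataclass
from typing import Optional

TUNNEL_TYPE_VLAN = 13    # RFC 3580: Tunnel-Type = VLAN
TUNNEL_MEDIUM_802 = 6    # RFC 3580: Tunnel-Medium-Type = 802


@dataclass
class Outcome:
    filter_id: Optional[str]   # policy applied from Filter-Id, if any
    vlan: Optional[str]        # VLAN applied from the tunnel attributes, if any
    notes: list                # reasons an attribute was not used


def rfc3580_vlan(attrs):
    """Assumption: the VLAN counts as present only with the full RFC 3580 set."""
    if (attrs.get("Tunnel-Type") == TUNNEL_TYPE_VLAN
            and attrs.get("Tunnel-Medium-Type") == TUNNEL_MEDIUM_802):
        return attrs.get("Tunnel-Private-Group-ID")
    return None


def resolve(mode, vlan_authorization, attrs):
    """mode: 'tunnel' or 'policy' (set policy maptable response);
    vlan_authorization: True if 'set vlanauthorization enable' covers the port."""
    if mode not in ("tunnel", "policy"):
        raise ValueError("unsupported mode: %r" % mode)
    fid, vlan, notes = attrs.get("Filter-Id"), rfc3580_vlan(attrs), []
    if mode == "tunnel" and fid is not None:
        notes.append("Filter-Id ignored in tunnel mode; default policy rules apply")
        fid = None
    if mode == "policy" and fid is not None and vlan is not None:
        notes.append("both attributes returned; only the Filter-Id is used")
        vlan = None
    if vlan is not None and not vlan_authorization:
        notes.append("VLAN attribute not used: VLAN authorization is disabled")
        vlan = None
    return Outcome(fid, vlan, notes)


# Constructed Access-Accept attributes (sample values, not from a capture).
SAMPLE = {"Filter-Id": "guest-profile", "Tunnel-Type": 13,
          "Tunnel-Medium-Type": 6, "Tunnel-Private-Group-ID": "120"}

if __name__ == "__main__":
    for mode, enabled in (("tunnel", False), ("tunnel", True), ("policy", True)):
        print(mode, enabled, resolve(mode, enabled, SAMPLE))
```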
set vlanauthorization
Enable or disable the use of the RADIUS VLAN tunnel attribute to put a port into a particular
VLAN based on the result of authentication.
Syntax
set vlanauthorization {enable | disable} [port-string]
Parameters
enable | disable    Enables or disables VLAN authorization/tunnel attributes.
port‐string         (Optional) Specifies which ports to enable or disable the use of VLAN tunnel attributes/authorization. For a detailed description of possible port‐string values, refer to "Port String Syntax Used in the CLI" on page 7‐2.
Defaults
VLAN authentication is disabled by default.
Mode
Switch command, read‐write.
Examples
This example shows how to enable VLAN authentication for all Gigabit Ethernet ports:
C2(rw)-> set vlanauthorization enable ge.*.*
This example shows how to disable VLAN authentication for all Gigabit Ethernet ports on switch unit/module 3:
C2(rw)-> set vlanauthorization disable ge.3.*
SecureStack C2 Configuration Guide 23-47