3Com 7757 Configuration Manual page 522
3com switch 7750 family
Hide thumbs
Also See for 7757:
- Quick reference manual (94 pages) ,
- Installation manual (80 pages) ,
- Product manual (15 pages)
Table of Contents
Advertisement
522
C
49: AAA & RADIUS & HWTACACS C
HAPTER
Configuring Dynamic
VLAN Assignment
ONFIGURATION
authentication and authorization configuration for a domain: if the scheme
radius-scheme or scheme local command is executed, the authorization
none command is executed, while the authentication command is not
executed, the authorization information returned from the RADIUS or local
scheme still takes effect.
The dynamic VLAN assignment feature enables a switch to dynamically add the
switch ports of successfully authenticated users to different VLANs according to
the attributes assigned by the RADIUS server, so as to control the network
resources that different users can access.
Currently, the switch supports the RADIUS authentication server to assign the
following two types of VLAN IDs: integer and string.
Integer: If the RADIUS server assigns integer type of VLAN IDs, you can set the
■
VLAN assignment mode to integer on the switch (this is also the default mode
on the switch). Then, upon receiving an integer ID assigned by the RADIUS
authentication server, the switch adds the port to the VLAN whose VLAN ID is
equal to the assigned integer ID. If no such a VLAN exists, the switch first
creates a VLAN with the assigned ID, and then adds the port to the newly
created VLAN.
String: If the RADIUS server assigns string type of VLAN IDs, you can set the
■
VLAN assignment mode to string on the switch. Then, upon receiving a string
ID assigned by the RADIUS authentication server, the switch compares the ID
with existing VLAN names on the switch. If it finds a match, it adds the port to
the corresponding VLAN. Otherwise, the VLAN assignment fails and the user
cannot pass the authentication.
The switch supports the integer mode and string mode of dynamic VLAN
assignments to adapt to authentication server. Different servers assign VLANs in
different ways. You are recommended to configure the switch based on the mode
of dynamic VLAN assignment used by the server.
Table 403 Common VLAN assignment modes for RADIUS server
Server type
CAMS
ACS
FreeRADIUS
Shiva Access Manager
Steel-Belted Radius Administrator
In actual applications, to use this feature together with Guest VLAN, you should
better set port control to port-based mode.
Table 404 Configure dynamic VLAN assignment
Operation
Command
Enter system view
system-view
Dynamic VLAN assignment mode
Integer (For the latest version, whether the mode is
integer or string depends on attribute value.)
String
Determined by attribute value (A value of 100
represents the integer mode and a value of "100"
represents the string mode).
String
String
Description
-
Advertisement
Table of Contents
Troubleshooting
