Tunnel Protocol Attribute; Port Authentication Configuration; Table 37 Supported Vsa; Table 38 Supported Tunnel Protocol Attribute - ZyXEL Communications ES-3124 User Manual

ES-3124 Series User's Guide
Note: Refer to the documentation that comes with your RADIUS server on how to
configure a VSA.
The following table describes the VSAs supported on the switch.

Table 37 Supported VSA

FUNCTION
Ingress Bandwidth
Assignment
Egress Bandwidth
Assignment
Privilege Assignment

16.1.1.2 Tunnel Protocol Attribute

You can configure tunnel protocol attributes on the RADIUS server to assign a port on the
switch to a VLAN (fixed, untagged). This will also set the port's VID. Refer to RFC 3580 for
more information.

Table 38 Supported Tunnel Protocol Attribute

FUNCTION
VLAN Assignment

16.2 Port Authentication Configuration

To enable port authentication, first activate IEEE802.1x security (both on the switch and the
port(s)) then configure the RADIUS server settings.
146
ATTRIBUTE
Vendor-Id = 890 (ZyXEL)
Vendor-Type = 1
Vendor-data = ingress rate (decimal)
Vendor-Id = 890
(ZyXEL)
Vendor-Type = 2
Vendor-data =
egress rate (decimal)
Vendor-ID = 890 (ZyXEL)
Vendor-Type = 3
Vendor-Data = "shell:priv-lvl=N"
or
Vendor-ID = 9 (CISCO)
Vendor-Type = 1
(CISCO-AVPAIR)
Vendor-Data = "shell:priv-lvl=N"
where N is a privilege level (from 0 to 14).
Note: If you set the privilege level of a login account differently
on the RADIUS server(s) and the switch, the user is
assigned a privilege level from the database (RADIUS or
local) the switch uses first for user authentication.
ATTRIBUTE
Tunnel-Type = VLAN(13)
Tunnel-Medium-Type = 802(6)
Tunnel-Private-Group-ID =
Note: You must also create a VLAN with the specified VID on
the switch.
VLAN ID
Chapter 16 Port Authentication