NETGEAR FSM7328SNA Administration Manual page 311

7000 series managed switch administration guide for software version 8.0

NETGEAR Managed Switches Software Administration Manual, Release 8.0
If VLAN assignment is enabled in the RADIUS server, then as part of the response message the
RADIUS server sends the VLAN ID that the client is supposed to be in, carried in the 802.1X tunnel attributes. This
attribute indicates the tunneling protocol to be used or the tunneling protocol in use at the authenticator.
The RADIUS server typically indicates the desired VLAN by including tunnel attributes within the
Access-Accept. However, the IEEE 802.1X Authenticator may also provide a hint as to the VLAN to be
assigned to the Supplicant by including Tunnel attributes within the Access-Request.
For use in VLAN assignment, the following tunnel attributes are used:
Tunnel-Type=VLAN (13)
Tunnel-Medium-Type=802
Tunnel-Private-Group-ID=VLANID, where VLANID is a 12-bit value between 1 and 4094.
[Figure 15-30: network diagram showing the RADIUS server at 192.168.0.1]
In the diagram above, the switch has placed the host in the VLAN (vlan2000) based on the user details of the
client.
Configuration on RADIUS Server
For user (e.g. admin):
Tunnel-Type=VLAN (13)
Tunnel-Medium-Type=802
Tunnel-Private-Group-ID=2000
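
The check an authenticator has to make on these three attributes before moving a port into a VLAN, as an added example that is not taken from the NETGEAR manual or firmware. The attribute numbers (64, 65, 81), the medium value 6 for 802 and the optional tag byte follow RFC 2868; the function names are hypothetical, the sample bytes are constructed, and only a numeric VLAN ID is handled.

```python
# Attribute type codes and values as defined in RFC 2868 (assumption: not listed on the page).
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TYPE_VLAN, MEDIUM_802 = 13, 6


def parse_attributes(data):
    """Split the attribute region of a RADIUS packet into (type, value) pairs."""
    attrs, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        atype, alen = data[i], data[i + 1]
        if alen < 2 or i + alen > len(data):
            raise ValueError("bad attribute length")
        attrs.append((atype, data[i + 2:i + alen]))
        i += alen
    return attrs


def assigned_vlan(data):
    """Return the VLAN ID to apply, or None if the attribute set is unusable."""
    ttype = medium = vlan = None
    for atype, value in parse_attributes(data):
        if atype in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE) and len(value) == 4:
            # One tag byte followed by a 3-byte big-endian value.
            number = int.from_bytes(value[1:], "big")
            if atype == TUNNEL_TYPE:
                ttype = number
            else:
                medium = number
        elif atype == TUNNEL_PRIVATE_GROUP_ID and value:
            # A leading byte <= 0x1F is an optional tag, not part of the string.
            text = value[1:] if value[0] <= 0x1F else value
            if text.isdigit():
                vlan = int(text)
    # Fail closed: all three attributes must be present and consistent.
    if ttype != TYPE_VLAN or medium != MEDIUM_802:
        return None
    if vlan is None or not 1 <= vlan <= 4094:
        return None
    return vlan


def attr(atype, value):
    """Encode one attribute as type, length, value (hypothetical test helper)."""
    return bytes([atype, len(value) + 2]) + value


# Constructed sample: the attributes shown above for user admin, VLAN 2000.
SAMPLE = (attr(64, b"\x00\x00\x00\x0d") + attr(65, b"\x00\x00\x00\x06")
          + attr(81, b"2000"))
```

Returning None instead of a default VLAN leaves the decision about an unusable Access-Accept to the caller's port policy.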
CLI: Configuration on the Switch
(Netgear Switch) #network protocol none
Changing protocol mode will reset ip configuration.
Are you sure you want to continue? (y/n)y
(Netgear Switch) #network parms 192.168.0.5 255.255.255.0
(Netgear Switch) #vlan database
(Netgear Switch) (Vlan)#vlan 2000
(Netgear Switch) (Vlan)#exit
[Figure 15-30 labels: Switch 192.168.0.5; Host 192.168.0.3 in vlan2000; ports 1/0/5, 1/0/6 and 1/0/12]
Security Management, page 15-27
v1.0, October 2009
