Tag Vlan Assignment On Trunk/Hybrid Port Supported By 802.1X Authentication; Identifier Authentication Method Attribute In Radius; Setting Retransmission Times Of Radius Request Packet; Setting The Supported Type Of The Radius Server - 3Com 5500-SI Configuration Manual


426 CHAPTER 21: 802.1X CONFIGURATION

By default, the keys of RADIUS authentication/authorization and accounting packets are all "3com".

Tag VLAN Assignment on Trunk/Hybrid Port Supported by 802.1x Authentication

Currently, the 802.1x authentication module supports Tag VLAN assignment only on Access ports. However, some applications (for example, this kind of connection: switch—IP phone—PC) need 802.1x authentication on a Trunk/Hybrid port. For this reason, a new feature, Tag VLAN assignment on Trunk/Hybrid port, is designed.

After a MAC address authentication succeeds, the address information is synchronously assigned in the whole fabric.

When a user logs off, the system restores the original VLAN information on the Trunk/Hybrid port and synchronously deletes the corresponding address information from the whole fabric.

Identifier Authentication Method Attribute in RADIUS

The purpose of adding the identifier authentication method attribute to RADIUS authentication packets is to distinguish different access modes, such as Portal, 802.1x, and PPPoE. For the non-3Com client block function, you can limit its operation range to only 802.1x authentication, that is, allow the function to take effect only when the identifier authentication method attribute is 802.1x.

The identifier authentication method attribute is added to a RADIUS authentication packet by filling the Framed Protocol attribute in the RADIUS authentication request packet based on the access mode of the user.

Setting Retransmission Times of RADIUS Request Packet

Since the RADIUS protocol uses UDP packets to carry the data, the communication process is not reliable. If the RADIUS server has not responded to the NAS before timeout, the NAS has to retransmit the RADIUS request packet. If it transmits more than the specified retry-times, the NAS considers the communication with the primary and secondary RADIUS servers to have been disconnected.

You can use the following command to set the retransmission times of the RADIUS request packet.

Perform the following configurations in RADIUS Scheme View.

Table 459 Setting Retransmission Times of RADIUS Request Packet

| Operation | Command |
| --- | --- |
| Set retransmission times of RADIUS request packet | retry retry_times |
| Restore the default value of retransmission times | undo retry |

By default, the RADIUS request packet will be retransmitted up to three times.

Setting the Supported Type of the RADIUS Server

The Switch 5500 supports the standard RADIUS protocol and the extended RADIUS service platforms.

You can use the following command to set the supported types of RADIUS servers.

Perform the following configurations in RADIUS Scheme View.

Table 460 Setting the Supported Type of the RADIUS Server

| Operation | Command |
| --- | --- |
| Set the supported type of RADIUS server | server-type { 3com \| standard } |
| Restore the RADIUS server type to the default setting | undo server-type |
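The defaults described above (shared keys of "3com", three retransmissions) are easy to leave in place, so the following added example, which is not part of the 3Com manual, audits saved configuration text for RADIUS schemes that still rely on them. It assumes each scheme appears as a `radius scheme <name>` line followed by indented settings, and that keys are set with `key authentication` / `key accounting` lines stored in plain text; those two command names, the scheme names and the sample text are assumptions and constructed values, not taken from this page.

```python
import re

DEFAULT_KEY = "3com"  # default key for both packet types, per the manual text
DEFAULT_RETRY = 3     # default retransmission count, per the manual text
# Constructed sample (assumed layout of saved configuration text).
SAMPLE_CONFIG = """\
radius scheme voice
 server-type standard
 key authentication Xk7-constructed-secret
 key accounting Xk7-constructed-secret
 retry 5
radius scheme legacy
 server-type 3com
 key authentication 3com
radius scheme bare
 retry 2
"""

def parse_schemes(text):
    """Return {scheme name: {setting: value}} for each 'radius scheme' block."""
    schemes, current = {}, None
    for line in text.splitlines():
        header = re.match(r"radius scheme (\S+)\s*$", line)
        words = line.split()
        if header:
            current = schemes.setdefault(header.group(1), {})
        elif not line.startswith(" "):
            current = None  # any other unindented line closes the block
        elif current is not None and words:
            if words[0] == "key" and len(words) >= 3:
                current["key " + words[1]] = words[2]
            elif words[0] in ("retry", "server-type") and len(words) >= 2:
                current[words[0]] = words[1]
    return schemes

def audit(text):
    """Per scheme: keys still at the default (a missing key line counts), retry, type."""
    report = {}
    for name, cfg in parse_schemes(text).items():
        report[name] = {
            "default_keys": [kind for kind in ("authentication", "accounting")
                             if cfg.get("key " + kind, DEFAULT_KEY) == DEFAULT_KEY],
            "retry": int(cfg.get("retry", DEFAULT_RETRY)),
            "server_type": cfg.get("server-type"),  # None: device default applies
        }
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

Any scheme with a non-empty `default_keys` list shares its RADIUS secret with every other device left at the factory setting and should have both keys changed on the switch and on the server.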


This manual is also suitable for: 5500-EI, 5500G-EI
