Configuring Dynamic Vlan Assignment - H3C S5100-SI Operation Manual
Ethernet switches
Hide thumbs
Also See for H3C S5100-SI:
- Operation manual (934 pages) ,
- Installation manual (104 pages) ,
- Quick start manual (78 pages)
Table of Contents
Advertisement
Configuring Dynamic VLAN Assignment
The dynamic VLAN assignment feature enables a switch to dynamically add the switch ports of
successfully authenticated users to different VLANs according to the attributes assigned by the
RADIUS server, so as to control the network resources that different users can access.
Currently, the switch supports the following two types of assigned VLAN IDs: integer and string.
Integer: If the RADIUS authentication server assigns integer type of VLAN IDs, you can set the
VLAN assignment mode to integer on the switch (this is also the default mode on the switch). Then,
upon receiving an integer ID assigned by the RADIUS authentication server, the switch adds the
port to the VLAN whose VLAN ID is equal to the assigned integer ID. If no such a VLAN exists, the
switch first creates a VLAN with the assigned ID, and then adds the port to the newly created
VLAN.
String: If the RADIUS authentication server assigns string type of VLAN IDs, you can set the VLAN
assignment mode to string on the switch. Then, upon receiving a string ID assigned by the RADIUS
authentication server, the switch compares the ID with existing VLAN names on the switch. If it
finds a match, it adds the port to the corresponding VLAN. Otherwise, the VLAN assignment fails
and the user fails the authentication.
In actual applications, to use this feature together with Guest VLAN, you should better set port control to
port-based mode. For more information, refer to Basic 802.1x Configuration of 802.1x and System
Guard Operation.
Follow these steps to configure dynamic VLAN assignment:
To do...
Enter system view
Create an ISP domain and
enter its view
Set the VLAN assignment
mode
Create a VLAN and enter its
view
Set a VLAN name for VLAN
assignment
In string mode, if the VLAN ID assigned by the RADIUS server is a character string containing only
digits (for example, 1024), the switch first regards it as an integer VLAN ID: the switch transforms
the string to an integer value and judges if the value is in the valid VLAN ID range; if it is, the switch
adds the authenticated port to the VLAN with the integer value as the VLAN ID (VLAN 1024, for
example).
To implement dynamic VLAN assignment on a port where both MSTP and 802.1x are enabled, you
must set the MSTP port to an edge port.
Use the command...
system-view
domain isp-name
vlan-assignment-mode
{ integer | string }
vlan vlan-id
name string
2-6
Remarks
—
—
Optional
By default, the VLAN assignment
mode is integer.
—
This operation is required if the
VLAN assignment mode is set to
string.
Advertisement
Chapters
Table of Contents
Troubleshooting
