Table of Contents
Advertisement
Guest VLAN Enabled
Port-based 802.1X
Single 802.1X
For trouble-shooting VLAN assignments, use the "Monitor→VLANs→VLAN
Membership and VLAN Port" Pages. These Pages show which modules have
(temporarily) overridden the current Port VLAN configuration.
RADIUS attributes used in identifying a VLAN ID:
RFC2868 and RFC3580 form the basis for the attributes used in identifying a
VLAN ID in an Access-Accept packet. The following criteria are used:
The Tunnel-Medium-Type, Tunnel-Type, and Tunnel-Private-Group-ID
attributes must all be present at least once in the Access-Accept
packet.
The switch looks for the first set of these attributes that have the same
Tag value and fulfil the following requirements (if Tag == 0 is used, the
Tunnel-Private-Group-ID does not need to include a Tag):
Value of Tunnel-Medium-Type must be set to "IEEE-802" (ordinal 6).
Value of Tunnel-Type must be set to "VLAN" (ordinal 13).
Value of Tunnel-Private-Group-ID must be a string of ASCII chars in
the range '0' - '9', which is interpreted as a decimal string representing
the VLAN ID. Leading '0's are discarded. The final value must be in the
range [1; 4095].
When Guest VLAN is both globally enabled and enabled (checked) for a given
port, the switch considers moving the port into the Guest VLAN according to the
rules outlined below.
This option is only available for EAPOL-based modes, i.e.:
Port-based 802.1X
Single 802.1X
Multi 802.1X
For trouble-shooting VLAN assignments, use the "Monitor→VLANs→VLAN
Membership and VLAN Port" Pages. These Pages show which modules have
(temporarily) overridden the current Port VLAN configuration.
Guest VLAN Operation:
When a Guest VLAN enabled port's link comes up, the switch starts transmitting
EAPOL Request Identity frames. If the number of transmissions of such frames
268
Advertisement
Table of Contents
Need help?
Do you have a question about the NS4702-24P-4S-4X and is the answer not in the manual?
Questions and answers