Configuring Dynamic VLAN Assignment - H3C S7500 Series Operation Manual

Operation Manual – AAA & RADIUS & HWTACACS & EAD
H3C S7500 Series Ethernet Switches
Caution:

You can execute the scheme command with the radius-scheme-name argument to
adopt an already configured RADIUS scheme to implement all three AAA
functions. If you adopt the local scheme, only the authentication and authorization
functions are implemented; the accounting function cannot be implemented.

If you execute the scheme radius-scheme radius-scheme-name local command,
the local scheme becomes the secondary scheme, used in case the RADIUS server
does not respond normally. That is, if the communication between the switch and the
RADIUS server is normal, no local authentication is performed; otherwise, local
authentication is performed.

If you execute the scheme hwtacacs-scheme radius-scheme-name local
command, the local scheme becomes the secondary scheme, used in case the TACACS
server does not respond normally. That is, if the communication between the switch
and the TACACS server is normal, no local authentication is performed; otherwise,
local authentication is performed.

If you adopt local or none as the primary scheme, local authentication or no
authentication is performed, respectively. In this case, you cannot use the
RADIUS scheme at the same time.

1.3.5 Configuring Dynamic VLAN Assignment

The dynamic VLAN assignment feature enables a switch to dynamically add the
ports of successfully authenticated users to different VLANs according to the
attributes assigned by the RADIUS server, so as to control the network resources that
different users can access.

Currently, the switch supports two types of VLAN IDs assigned by the RADIUS
authentication server: integer and string.

Integer: If the RADIUS server assigns integer VLAN IDs, you can set the
VLAN assignment mode to integer on the switch. Then, upon receiving an integer
ID assigned by the RADIUS authentication server, the switch adds the port to the
VLAN whose VLAN ID is equal to the assigned integer ID. If no such VLAN exists,
the switch first creates a VLAN with the assigned ID, and then adds the port to the
newly created VLAN.

String: If the RADIUS server assigns string VLAN IDs, you can set the
VLAN assignment mode to string on the switch. Then, upon receiving a string ID
assigned by the RADIUS authentication server, the switch compares the ID with
the existing VLAN names on the switch. If it finds a match, it adds the port to the
corresponding VLAN. Otherwise, the VLAN assignment fails and the user cannot
pass the authentication.
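
The two modes fail differently when the assigned ID has no counterpart on the switch: integer mode creates the VLAN, string mode rejects the user. The following added example (not from the H3C manual) models that behaviour in Python so a RADIUS policy can be checked against a switch's VLAN table before rollout; the function names, the sample data, the placeholder VLAN name and the exact-match name comparison are assumptions.

```python
# Added example: a model of the two VLAN assignment modes described above.
# Function names and sample data are constructed for illustration.

def assign_vlan(mode, assigned_id, vlans):
    """Return (outcome, vlan_id) for one successfully authenticated user.

    vlans maps VLAN ID (int) to VLAN name (str). In integer mode a missing
    VLAN is added to it, mirroring the switch creating the VLAN.
    """
    if mode == "integer":
        vid = int(assigned_id)          # non-numeric input raises ValueError
        if vid in vlans:
            return ("joined", vid)
        vlans[vid] = f"VLAN {vid:04d}"  # placeholder name (assumption)
        return ("created", vid)
    if mode == "string":
        # Assumption: the name comparison is an exact, case-sensitive match.
        for vid, name in vlans.items():
            if name == assigned_id:
                return ("joined", vid)
        return ("auth-failed", None)    # no matching name: user is rejected
    raise ValueError(f"unknown assignment mode: {mode!r}")


def audit(mode, policy, vlans):
    """List (user, assigned value, outcome) for every user who would not
    simply join an existing VLAN. policy maps user to the value the RADIUS
    server would assign; the caller's vlans table is left untouched."""
    table = dict(vlans)
    findings = []
    for user, value in sorted(policy.items()):
        outcome, _ = assign_vlan(mode, value, table)
        if outcome != "joined":
            findings.append((user, value, outcome))
    return findings


# Constructed sample data: VLAN table of one switch and two RADIUS policies.
VLANS = {1: "default", 10: "staff", 20: "guest"}
POLICY_INT = {"alice": "10", "bob": "20", "carol": "30"}
POLICY_STR = {"alice": "staff", "bob": "guest", "carol": "contractors"}

if __name__ == "__main__":
    print(audit("integer", POLICY_INT, VLANS))  # carol: VLAN 30 gets created
    print(audit("string", POLICY_STR, VLANS))   # carol: authentication fails
```

A "created" finding in integer mode marks a VLAN that would appear on the switch without having been planned there; an "auth-failed" finding in string mode marks a user who would be locked out until a VLAN with that name exists.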
Chapter 1 AAA & RADIUS & HWTACACS Configuration
