84 CHAPTER 10: MAKING YOUR NETWORK SECURE
■ Before you enable Network Login or Rada you must ensure that:
■ RADIUS has been configured on the Switch.
■ The RADIUS server in your network is operational.
■ If the RADIUS server fails or is unavailable, client devices will be unable
to access the network or be restricted to the default access.
■ Network Login and Rada are not supported on ports configured to
operate as members of an aggregated link.
■ Some client devices that are connected to the Switch port may not
support network login, for example printers. You should configure the
Switch port to operate in Automatic Learning mode, so that network
traffic that does not match the MAC address for the client device is
filtered, or use the basic Rada mode.
■ You should enable Network Login or Rada on all relevant Switch ports.
Failure to enable authentication on a single port could compromise
the security of the entire network.
RADIUS Server settings for Auto VLAN
When setting up Auto VLAN on a RADIUS server the following attributes
must be set to supply VLAN data to the Switch:
Ta b l e 8 Setting Auto VLAN attributes
The Tunnel-Private-Group-ID attribute specifies the VLAN to be assigned.
This can take various forms to indicate if the port is untagged or tagged
member, for example ‘2u 3t' means that the port is an untagged member
of VLAN 2 and a tagged member of VLAN 3.
The switch will assign the first VLAN number with no suffix, or with a ‘U’
or ‘u’ suffix, as an untagged VLAN for the port. Any further VLAN
numbers with no suffix, or with the ‘U’ or ‘u’ suffix, will be assigned as a
tagged VLAN on the same port. For example; all the following strings are
identical after processing: “23 7T 88T”, “7T 88t 23u”, “88T 23 7t “,
”23 7 88”, “7T 23u 88u”.
Attribute Value
Tunnel-Type VLAN
Tunnel-Medium-Type 802
Tunnel-Private-Group-ID <VLAN ID to be assigned>
dua1730-0bAA03.book Page 84 Monday, July 11, 2005 11:14 AM
To Next Page