AT-9000 Switch Command Line User’s Guide
Section VIII: Port Security 727
Single Host Mode
Here are the operating characteristics for the switch when an authenticator
port is set to the single host mode:
- If the switch receives a valid VLAN ID or VLAN name from the RADIUS
  server, it moves the authenticator port to the designated guest VLAN
  and changes the port to the authorized state. Only the authenticated
  supplicant is allowed to use the port. All other supplicants are denied
  entry.
- If the switch receives an invalid VLAN ID or VLAN name from the
  RADIUS server (e.g., the VID of a nonexistent VLAN), it leaves the port
  in the unauthorized state to deny access to the port.
Multiple Host Mode
Here are the operating characteristics for the switch when an authenticator
port is set to the multiple host mode:
- If the switch receives a valid VLAN ID or VLAN name from the RADIUS
  server, it moves the authenticator port to the designated VLAN and
  changes the port to the authorized state. All clients are allowed access
  to the port and the same VLAN after the initial authentication.
- If the switch receives an invalid VLAN ID or VLAN name from the
  RADIUS server (e.g., the VID of a nonexistent VLAN), it leaves the port
  in the unauthorized state to deny access to the port.
Multiple Supplicant Mode
The initial authentication on an authenticator port running in the multiple
supplicant mode is handled in the same fashion as with the Single
operating mode. If the switch receives a valid VLAN ID or name from the
RADIUS server, it moves the authenticator port to the designated VLAN
and changes the port to the authorized state.
How the switch handles subsequent authentications on the same port
depends on how you set the Secure VLAN parameter. Your options are as
follows:
- If you activate the Secure VLAN feature, only those supplicants with
  the same VLAN assignment as the initial supplicant are authenticated.
  Supplicants with different VLAN assignments or with no VLAN
  assignment are denied access to the port.
- If you disable the Secure VLAN feature, all supplicants, regardless of
  their assigned VLANs, are authenticated. However, the port remains in
  the VLAN specified in the initial authentication.
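The three mode descriptions above, modelled as a small Python state machine so the effect of the Secure VLAN setting can be checked against a sequence of logins. This is an added illustration, not code from the guide or the switch firmware; the class, function and mode names and the sample VLANs 10 and 20 are assumptions, and an initial login with no VLAN returned is rejected by the model because this page does not describe that case.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class AuthenticatorPort:
    mode: str                      # "single", "multiple-host" or "multiple-supplicant"
    switch_vlans: frozenset        # VIDs that exist on the switch (constructed sample)
    secure_vlan: bool = True       # consulted only in multiple-supplicant mode
    vlan: Optional[int] = None     # VLAN set by the initial authentication
    authorized: bool = False

    def admit(self, radius_vid: Optional[int]) -> bool:
        """Handle one supplicant that RADIUS accepted; radius_vid is the VLAN
        it returned (None = no VLAN assignment). True means access granted."""
        if not self.authorized:
            # Initial authentication: handled the same way in all three modes.
            if radius_vid is None:
                raise ValueError("initial login without a VLAN is not covered by the page")
            if radius_vid not in self.switch_vlans:
                return False               # invalid VLAN: port stays unauthorized
            self.vlan, self.authorized = radius_vid, True
            return True
        if self.mode == "single":
            return False                   # only the first supplicant may use the port
        if self.mode == "multiple-host":
            return True                    # later clients ride on the first login
        if self.mode == "multiple-supplicant":
            # Secure VLAN on: must match the first supplicant's VLAN.
            # Secure VLAN off: admitted, but the port VLAN does not change.
            return radius_vid == self.vlan if self.secure_vlan else True
        raise ValueError(f"unknown mode {self.mode!r}")


def replay(mode, vids, secure_vlan=True, switch_vlans=frozenset({10, 20})):
    """Feed a sequence of RADIUS-assigned VIDs to a fresh port.
    Returns (per-supplicant decisions, final port VLAN)."""
    port = AuthenticatorPort(mode, switch_vlans, secure_vlan)
    return [port.admit(v) for v in vids], port.vlan


if __name__ == "__main__":
    # Constructed sequence: first supplicant gets VLAN 10, then 20, then none.
    for secure in (True, False):
        print(secure, replay("multiple-supplicant", [10, 20, None], secure))
```

With Secure VLAN disabled, the supplicant assigned VLAN 20 is admitted but the port stays in VLAN 10, which is the case to review when VLANs are used to separate trust levels.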
Supplicant VLAN Attributes on the RADIUS Server
The following information must be entered as part of a supplicant’s
account on the RADIUS server when associating a supplicant to a VLAN.
- Tunnel-Type
  The protocol to be used by the tunnel specified by
  Tunnel-Private-Group-Id. The only supported value is VLAN (13).