DGS-3130 Series Layer 3 Stackable Managed Switch Web UI Reference Guide
476
NOTE: A tag field of greater than 0x1F is interpreted as the first octet of the following field.
If the user has configured the VLAN attribute of the RADIUS server (for example, VID 3) and the 802.1X, or MAC
based Access Control, or WAC authentication is successful, the port will be assigned to VLAN 3. However if the user
does not configure the VLAN attributes, when the port is not guest VLAN member, it will be kept in its current
authentication VLAN, and when the port is guest VLAN member, it will be assigned to its original VLAN.
To assign the ACL by the RADIUS server, the proper parameters should be configured on the RADIUS server. The
table below shows the parameters for an ACL.
The parameters of the Vendor-Specific Attribute are:
RADIUS
Tunnel
Attribute
Description Value Usage
Vendor-ID Defines the vendor. 171 (DLINK) Required
Vendor-Type Defines the attribute. 14 (for ACL script) Required
Attribute-
Specific Field
Used to assign the ACL script. The
format is based on Access Control
List (ACL) Commands.
ACL Script
For example:
ip access-list a1;permit host
10.90.90.100;exit; mac access-list extended
m1;permit host 00-00-00-01-90-10 any; exit;
Required
If the user has configured the ACL attribute of the RADIUS server (for example, ACL script: ip access-list a1;permit
host 10.90.90.100;exit; mac access-list extended m1;permit host 00-00-00-01-90-10 any; exit;), and the 802.1X or
MAC-based Access Control WAC is successful, the device will assign the ACL script according to the RADIUS server.
The enter Access-List Configuration Mode and exit Access-List Configuration Mode must be a pair, otherwise
the ACP script will be reject. For more information about the ACL module, please refer to Access Control List (ACL)
Commands chapter.
To Next Page
Loading...
