Configuring Authentication
Fixed Switch Configuration Guide 10-21
• dynamic – Egress formatting will be based upon information contained in the authentication
response.
The VLAN authorization table will always list any tunnel attribute’s VIDs that have been received
for authenticated end systems, but a VID will not actually be assigned unless VLAN authorization
is enabled both globally and on the authenticating port. Dynamic VLAN authorization overrides
the port PVID. Dynamic VLAN authorization is not reflected in the show port vlan display. The
VLAN egress list may be statically configured, enabled based upon the set vlanauthorization
egress command, or have dynamic egress enabled to allow full VLAN membership and
connectivity.
Procedure 10-8 describes setting VLAN authorization configuration.
Setting Dynamic Policy Profile Assignment
Dynamic policy profile assignment is implemented using the policy mapping table. When VLAN
authorization is enabled, authenticated users are dynamically assigned to the received tunnel
attribute’s VID, unless preempted by a policy map-table configuration entry. Dynamic policy
profile assignment is supported by mapping a VID to a policy role upon receipt of a RADIUS
tunnel attribute.
Procedure 10-9 describes configuring dynamic policy profile assignment
Configuring RADIUS
You can set, clear, and display RADIUS configuration for both authentication and accounting.
Configuring the Authentication Server
There are four aspects to configuring the authentication server:
• State enables or disables the RADIUS client for this switch.
• Establishment values configure a timer setting the length of time before retries, as well as the
number of retries, before the switch determines the authentication server is down and
attempts to establish with the next server in its list.
Procedure 10-8 VLAN Authorization Configuration
Step Task Command(s)
1. Enable or disable VLAN authorization both
globally and per port.
set vlanauthorization {enable | disable}
2. Reset VLAN authorization configuration to
default values for the specified port-list or for all.
clear vlanauthorization {port-list | all}
3. Display VLAN authorization configuration
settings for the specified port-list or for all.
show vlanauthorization {port-list | all}
Procedure 10-9 Policy Profile Assignment Configuration
Step Task Command(s)
1. Identify the profile index to be used in the
VID-to-policy mapping.
show policy profile all
2. Map the VLAN ID to the profile index. set policy maptable {vlan-list profile-index |
response {tunnel | policy | both}}
3. Display the current maptable configuration. show policy maptable.
To Next Page
Loading...
Need help?
General