Enterasys D2 D2G124-12P

To Next Page

To Previous Page

Configuring VLAN Authorization (RFC 3580)

D-Series CLI Reference 15-41

Parameters

Defaults

Ifnoauthenticationmethodisspecified,thesessiontimeoutvalueisresettoitsdefaultvalueof0

forallauthenticationmethods.

Mode

Switchmode,read‐write.

Example

ThisexampleresetsthesessiontimeoutvaluefortheIEEE802.1Xauthenticationmethodto0

seconds.

D2(su)->clear multiauth session-timeout dot1x

Configuring VLAN Authorization (RFC 3580)

Purpose

RFC3580TunnelAttributesprovideamechanismtocontainan802.1XauthenticatedoraMAC

authenticatedusertoaVLANregardlessofthePVID.

Pleaseseesection3‐31ofRFC3580fordetailsonconfiguringaRADIUSservertoreturnthe

desiredtunnelattributes.AsstatedinRFC3580,“...

itmaybedesirabletoallowaporttobeplaced

intoaparticularVirtualLAN(VLAN),definedin[IEEE8021Q],basedontheresultofthe

authentication.”

TheRADIUSservertypicallyindicatesthedesiredVLANbyincludingtunnelattributeswithinits

Access‐Acceptparameters.However,theIEEE802.1XorMACauthenticator

canalsobe

configuredtoinstructtheVLANtobeassignedtothesupplicantbyincludingtunnelattributes

withinAccess‐Requestparameters.

ThefollowingtunnelattributesareusedinVLANauthorizationassignment,:

•Tunnel‐Type‐VLAN(13)

•Tunnel‐Medium‐Type‐802

•Tunnel‐Private‐Group‐ID‐VLANID

InordertoauthenticatemultipleRFC3580

users,policymaptableresponsemustbesettotunnel

asdescribedinthissection.

dot1x (Op tional)SpecifiestheIEEE802.1Xport‐basednetworkaccesscontrol

authenticationmethodforwhichtoresetthetimeoutvaluetoits

default.

mac (Optional)SpecifiestheEnterasysMACauthenticationmethodfor 

whichtoresetthetimeoutvalue

toitsdefault.

pwa (Optional)SpecifiestheEnterasysPortWebAuthenticationmethodfor

whichtoresetthetimeoutvaluetoitsdefault.

Note: The D2 cannot simultaneously support Policy and RFC 3580 on the same port. If multiple

users are configured to use a port, and the G3 is then switched from "policy" mode to (RFC-3580

"tunnel" mode, the total number of users supported to use a port will be reset to one.

Main Page

Table of Contents

Related product manuals