Configuring VLAN Authorization (RFC 3580)
SecureStack C2 Configuration Guide 23-45
Purpose
RFC 3580 Tunnel Attributes provide a mechanism to contain an 802.1X authenticated or a MAC authenticated user to a VLAN regardless of the PVID. Up to six users can be configured per Gigabit port.
Please see section 3‐31 of RFC 3580 for details on configuring a RADIUS server to return the desired tunnel attributes. As stated in RFC 3580, “...it may be desirable to allow a port to be placed into a particular Virtual LAN (VLAN), defined in [IEEE8021Q], based on the result of the authentication.”
The RADIUS server typically indicates the desired VLAN by including tunnel attributes within its Access‐Accept parameters. However, the IEEE 802.1X or MAC authenticator can also be configured to instruct the VLAN to be assigned to the supplicant by including tunnel attributes within Access‐Request parameters.
The following tunnel attributes are used in VLAN authorization assignment:
• Tunnel‐Type ‐ VLAN (13)
• Tunnel‐Medium‐Type ‐ 802
• Tunnel‐Private‐Group‐ID ‐ VLANID
In order to authenticate multiple RFC 3580 users, policy maptable response must be set to tunnel as described in this section.
Commands
show policy maptable response
Displays the current policy maptable response setting. When VLAN authorization is enabled (as described in this section) and the policy maptable response is tunnel, you can use the set
Notes: The C2 cannot simultaneously support Policy and RFC 3580 on the same port. If multiple
users are configured to use a port, and the C2 is then switched from "policy" mode to RFC-3580
"tunnel" mode, the total number of users supported to use a port will be reset to one.
A policy license, if applicable, is not required to run RFC 3580.
For information about... Refer to page...
show policy maptable response 23-45
set policy maptable response 23-46
set vlanauthorization 23-47
set vlanauthorization egress 23-48
clear vlanauthorization 23-48
show vlanauthorization 23-49