EasyManuals Logo

Extreme Networks ExtremeWare XOS Guide User Manual

Extreme Networks ExtremeWare XOS Guide
698 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #353 background imageLoading...
Page #353 background image
Authenticating Users
ExtremeWare XOS 11.3 Concepts Guide
353
The NetLogin-Url and NetLogin-Url-Desc attributes are used in case of Web-based login as the page to
use for redirection after a successful login. Other authentication methods will ignore these attributes.
The other attributes are used in the following order to determine the destination VLAN to use:
â—Ź Extreme: Netlogin-Extended-VLAN (VSA 211)
â—Ź Extreme: Netlogin-VLAN-Name (VSA 203)
â—Ź Extreme: Netlogin-VLAN-ID (VSA 209)
â—Ź IETF: Tunnel-Private-Group-ID representing the VLAN TAG as a string, but only if IETF: Tunnel-
Type == VLAN(13) and IETF: Tunnel-Medium-Type == 802 (6).
If none of the previously described attributes are present ISP mode is assumed, and the client remains
in the configured VLAN.
Guidelines and Examples for Using VSAs
This section contains guidelines and examples for using the Extreme Networks VSAs listed in Table 49.
The examples in this section use FreeRADIUS to modify the VSA. Depending on your RADIUS server,
configuration might be different.
NOTE
For information on how to use and configure your RADIUS server, please refer to the documentation that came with
your RADIUS server.
VSA 211—Extreme: Netlogin-Extended-VLAN. The following describes the guidelines for VSA 211:
â—Ź For tagged VLAN movement with 802.1x netlogin, you must use VSA 211.
â—Ź For untagged VLAN movement with 802.1x netlogin, you can use all current Extreme Networks
VLAN VSAs: VSA 203, VSA 209, and VSA 211.
â—Ź To specify the VLAN name or the VLAN ID, use an ASCII string; however, you cannot specify both
the VLAN name and the VLAN ID at the same time. If the string only contains numbers, it is
interpreted as the VLAN ID.
â—Ź For tagged VLANs, specify T for tagged before the VLAN name or VLAN ID.
â—Ź For untagged VLANs, specify U for untagged before the VLAN name or VLAN ID.
● For movement based on the incoming port’s traffic, specify * before the VLAN name or VLAN ID.
The behavior can be either tagged or untagged, based on the incoming port’s traffic, and mimics the
behavior of VSA 203 and VSA 209, respectively.
VSA 211 Examples. The following examples use FreeRADIUS to modify the VSA to support tagged or
untagged VLANs using either the VLAN name or the VLAN ID.
â—Ź Configuring VLAN names
The three options to use when configuring VLAN names are:
■ T—Include before the VLAN name for a tagged VLAN
■ U—Include before the VLAN name for an untagged VLAN
■ *—Include before the VLAN name for movement based on the incoming port’s traffic (mimics
the behavior of VSA 203)
To configure the tagged VLAN voice, do the following:
Extreme-Netlogin-Extended-VLAN = Tvoice

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Extreme Networks ExtremeWare XOS Guide and is the answer not in the manual?

Extreme Networks ExtremeWare XOS Guide Specifications

General IconGeneral
BrandExtreme Networks
ModelExtremeWare XOS Guide
CategorySoftware
LanguageEnglish

Related product manuals