© Copyright IBM Corp. 2011 Chapter 6. 802.1X Port-Based Network Access Control 77
81 Tunnel-Private-
Group-ID
VLAN ID (1-4094). When 802.1X
RADIUS VLAN assignment is
enabled on a port, if the RADIUS
server includes the tunnel attributes
defined in RFC 2868 in the
Access-Accept packet, the switch
will automatically place the
authenticated port in the specified
VLAN. Reserved VLANs (such as
for management or stacking) may
not be specified. The attribute must
be untagged (the Tag field must
be 0).
00-10 0
79 EAP-Message Encapsulated EAP packets from the
supplicant to the authentication
server (Radius) and vice-versa. The
authenticator relays the decoded
packet to both devices.
1+ 1+ 1+ 1+
80 Message-
Authenticator
Always present whenever an
EAP-Message attribute is also
included. Used to integrity-protect a
packet.
1111
87 NAS-Port-ID Name assigned to the authenticator
port, e.g. Server1_Port3
1000
Legend:
RADIUS Packet Types: A-R (Access-Request), A-A (Access-Accept),
A-C (Access-Challenge), A-R (Access-Reject)
RADIUS Attribute Support:
• 0 This attribute MUST NOT be present in a packet.
• 0+ Zero or more instances of this attribute MAY be present in a packet.
• 0-1 Zero or one instance of this attribute MAY be present in a packet.
• 1 Exactly one instance of this attribute MUST be present in a packet.
• 1+ One or more of these attributes MUST be present.
Table 7. Support for RADIUS Attributes (continued)
# Attribute Attribute Value A-R A-A A-C A-R
To Next Page
Loading...
Need help?
General
