Chapter 5
Setup and Configuration
RUGGEDCOM ROS
User Guide
218 Assigning VLANS with Tunnel Attributes
Section 5.10.1.4
Assigning VLANS with Tunnel Attributes
ROS supports assigning a VLAN to the authorized port using tunnel attributes, as defined in RFC 3580 [http://
tools.ietf.org/html/rfc3580], when the Port Security mode is set to 802.1x or 802.1x/MAC-Auth.
In some cases, it may be desirable to allow a port to be placed into a particular VLAN, based on the
authentication result. For example:
• To allow a particular device, based on its MAC address, to remain on the same VLAN as it moves within a
network, configure the switches for 802.1X/MAC-Auth mode
• To allow a particular user, based on the user’s login credentials, to remain on the same VLAN when the user
logs in from different locations, configure the switches for 802.1X mode
If the RADIUS server wants to use this feature, it indicates the desired VLAN by including tunnel attributes in the
Access-Accept message. The RADIUS server uses the following tunnel attributes for VLAN assignment:
• Tunnel-Type=VLAN (13)
• Tunnel-Medium-Type=802
• Tunnel-Private-Group-ID=VLANID
Note that VLANID is 12-bits and takes a value between 1 and 4094, inclusive. The Tunnel-Private-Group-ID is
a string as defined in RFC 2868 [http://tools.ietf.org/html/rfc2868], so the VLANID integer value is encoded as a
string.
If the tunnel attributes are not returned by the authentication server, the VLAN assigned to the switch port
remains unchanged.
Section 5.10.2
Viewing a List of Authorized MAC Addresses
To view a list of static MAC addresses learned from secure ports, navigate to Port Security » View Authorized
MAC Addresses. The Authorized MAC Addresses table appears.
NOTE
Only MAC addresses authorized on a static MAC port(s) are shown. MAC addresses authorized with
IEEE 802.1X are not shown.
Figure 165: Authorized MAC Addresses Table
This table displays the following information:
Parameter Description
Port Synopsis: 1 to maximum port number
Port on which MAC address has been learned.
MAC Address Synopsis: ##-##-##-##-##-## where ## ranges 0 to FF
To Next Page
Loading...
Need help?
General
