Figure 45.11: the Authentication Flow of 802.1x PEAP
this method: standard control and advanced control. User-based standard control does not restrict access to limited resources, which means that all users of this port can access limited resources before being authenticated. User-based advanced control restricts access to limited resources: only some particular users of the port can access limited resources before being authenticated. Once those users pass authentication, they can access all resources.
Attention: when using private supplicant systems, user-based advanced control is recommended to effectively prevent ARP cheating (ARP spoofing).
For the maximum number of authenticated users: the user-based method supports at most 400 IPv4 users and at most 800 IPv6 users. The MAC-based method depends on the rate-limit value of the switch; it can support 4000 authenticated users, but it is recommended that the number of authenticated users not exceed 2000.
45.1.7 The Features of VLAN Allocation
1. Auto VLAN
The Auto VLAN feature enables the RADIUS server to change the VLAN to which the access port belongs, based on the user information and the user access device information. When an 802.1x user passes authentication on the server, the RADIUS server sends the authorization information to the device. If the RADIUS server has enabled the VLAN-assigning function, the following attributes should be included in the Access-Accept messages:
• Tunnel-Type = VLAN (13)
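The following added example (not code from this manual or from the switch vendor) parses a RADIUS Access-Accept and returns the VLAN it assigns only when the tunnel attributes are well-formed and consistent, which is a useful check when auditing captured authorization replies. It assumes the RFC 3580 attribute set: Tunnel-Type = VLAN (13) as listed above, plus Tunnel-Medium-Type = 802 (6) and Tunnel-Private-Group-ID carrying a numeric VLAN ID; the function names and the sample packet are constructed for illustration.

```python
import struct

# RADIUS attribute numbers (RFC 2868) and the values RFC 3580 uses for VLANs.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
ACCESS_ACCEPT, TYPE_VLAN, MEDIUM_802 = 2, 13, 6

def attributes(packet: bytes):
    """Yield (type, value) pairs, rejecting lengths that overrun the packet."""
    length = struct.unpack("!H", packet[2:4])[0] if len(packet) >= 20 else 0
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS header or length field")
    pos = 20  # code, identifier, length, 16-byte authenticator
    while pos < length:
        alen = packet[pos + 1] if pos + 1 < length else 0
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        yield packet[pos], packet[pos + 2:pos + alen]
        pos += alen

def assigned_vlan(packet: bytes):
    """Return the VLAN ID a well-formed Access-Accept assigns, else None."""
    tunnels = {}  # tag -> {attribute type: value}
    for atype, value in attributes(packet):
        if atype in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE) and len(value) == 4:
            # One tag octet followed by a 3-octet enumerated value.
            tunnels.setdefault(value[0], {})[atype] = int.from_bytes(value[1:], "big")
        elif atype == TUNNEL_PRIVATE_GROUP_ID and value:
            # A first octet of 0x1F or less is a tag, otherwise part of the string.
            tag, text = (value[0], value[1:]) if value[0] <= 0x1F else (0, value)
            tunnels.setdefault(tag, {})[atype] = text
    if packet[0] != ACCESS_ACCEPT:
        return None
    for t in tunnels.values():
        vid = t.get(TUNNEL_PRIVATE_GROUP_ID, b"")
        if (t.get(TUNNEL_TYPE) == TYPE_VLAN and t.get(TUNNEL_MEDIUM_TYPE) == MEDIUM_802
                and vid.isdigit() and 1 <= int(vid) <= 4094):
            return int(vid)
    return None

def build_packet(code: int, attrs) -> bytes:
    """Constructed sample input: a RADIUS packet with a zeroed authenticator."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, 1, 20 + len(body)) + bytes(16) + body

# Constructed Access-Accept assigning VLAN 20 (tag 1 on all three attributes).
SAMPLE = build_packet(ACCESS_ACCEPT, [(64, b"\x01\x00\x00\x0d"),
                                      (65, b"\x01\x00\x00\x06"), (81, b"\x0120")])
```

`assigned_vlan` returns `None` when any of the three attributes is missing, carries a different tag, or holds an out-of-range VLAN ID, and raises `ValueError` on a packet whose lengths do not add up.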