Chapter 25 AAA
MES-3528 User’s Guide
219
25.2.4.1 Tunnel Protocol Attribute
You can configure tunnel protocol attributes on the RADIUS server (refer to your
RADIUS server documentation) to assign a port on the Switch to a VLAN based on
IEEE 802.1x authentication. The port VLAN settings are fixed and untagged. This
will also set the port’s VID. The following table describes the values you need to
configure. Note that the bolded values in the table are fixed values as defined in
RFC 3580.
25.3 Supported RADIUS Attributes
Remote Authentication Dial-In User Service (RADIUS) attributes are data used to
define specific authentication, and accounting elements in a user profile, which is
stored on the RADIUS server. This appendix lists the RADIUS attributes supported
by the Switch.
Egress Bandwidth
Assignment
Vendor-Id = 890
Vendor-Type = 2
Vendor-data =
egress rate (Kbps in decimal format)
Privilege
Assignment
Vendor-ID = 890
Vendor-Type = 3
Vendor-Data = "shell:priv-lvl=N"
or
Vendor-ID = 9
(CISCO)
Vendor-Type = 1 (CISCO-AVPAIR)
Vendor-Data = "shell:priv-lvl=N"
where
N is a privilege level (from 0 to 14).
Note: If you set the privilege level of a login account differently
on the RADIUS server(s) and the Switch, the user is
assigned a privilege level from the database (RADIUS or
local) the Switch uses first for user authentication.
Table 66 Supported VSAs
FUNCTION ATTRIBUTE
Table 67 Supported Tunnel Protocol Attribute
FUNCTION ATTRIBUTE
VLAN Assignment Tunnel-Type = VLAN(13)
Tunnel-Medium-Type = 802(6)
Tunnel-Private-Group-ID =
VLAN ID
Note: You must also create a VLAN with the specified VID on
the Switch.
To Next Page
Loading...
