xStack® DES-3200 Series Layer 2 Managed Fast Ethernet Switch
295
to be used (in the case of a tunnel initiator) or
the tunneling protocol in use (in the case of a
tunnel terminatior).
This attribute indicates the transport medium
being used.
This attribute indicates group ID for a particular
tunneled session.
If the user has configured the VLAN attribute of the RADIUS server (for example, VID 3) and the 802.1X, or
MAC-based Access Control authentication is successful, the port will be added to VLAN 3. However, if the user
does not configure the VLAN attribute and authenticates successfully, the port will be kept in its original VLAN. If
the VLAN attribute configured on the RADIUS server does not exist, the port will not be assigned to the requested
VLAN.
To assign ACL by RADIUS Server, the proper parameters should be configured on the RADIUS Server. The table
below shows the parameters for an ACL. The RADIUS ACL assignment is only used in MAC-based Access Control.
The parameters of the Vendor-Specific Attribute are:
RADIUS Tunnel Attribute Description Value Usage
13 (for ACL rule)
profile or rule.
For example:
ACL profile:
create access_profile
profile_id 1 profile_name profile1
ethernet vlan 0xFFF;
ACL rule:
config access_profile
profile_id 1 add access_id
auto_assign ethernet vlan_id 1
port all deny;
If the user has configured the ACL attribute of the RADIUS server (for example, ACL profile: create
access_profile profile_id 1 profile_name profile1 ethernet vlan 0xFFF; ACL rule: config access_profile
profile_id 1 add access_id auto_assign ethernet vlan_id 1 port all deny), and the MAC-based Access Cotntrol
authentication is successful, the device will assign the ACL profiles and rules according to the RADIUS server. For
more information about the ACL module, please refer to Chapter 7 ACL.
To Previous Page
Loading...
Need help?
General
