Configuring VLAN Authorization (RFC 3580)
Enterasys D-Series CLI Reference 17-45
Purpose
RFC 3580 Tunnel Attributes provide a mechanism to contain an 802.1X authenticated or a MAC
authenticated user to a VLAN regardless of the PVID.
Please see section 3-31 of RFC 3580 for details on configuring a RADIUS server to return the
desired tunnel attributes. As stated in RFC 3580, “...it may be desirable to allow a port to be placed
into a particular Virtual LAN (VLAN), defined in [IEEE8021Q], based on the result of the
authentication.”
The RADIUS server typically indicates the desired VLAN by including tunnel attributes within its
Access-Accept parameters. However, the IEEE 802.1X or MAC authenticator can also be
configured to instruct the VLAN to be assigned to the supplicant by including tunnel attributes
within Access-Request parameters.
The following tunnel attributes are used in VLAN authorization assignment:
• Tunnel-Type - VLAN (13)
• Tunnel-Medium-Type - 802
• Tunnel-Private-Group-ID - VLANID
In order to authenticate multiple RFC 3580 users, policy maptable response must be set to tunnel
as described in this section.
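The three tunnel attributes listed above can be checked in a captured Access-Accept before relying on them for VLAN containment. The following Python sketch is an added example, not part of the Enterasys manual or the switch's own logic: it parses the attribute section of a RADIUS packet and returns a VLAN ID only when all three attributes are present and consistent. The attribute numbers (64, 65, 81) and the values 13 and 6 come from RFC 2868 and RFC 3580; the function names, the sample bytes, and the choice to ignore tag grouping are assumptions of this example.

```python
"""Audit check: derive the VLAN from RFC 3580 tunnel attributes, failing closed."""

# Attribute numbers and values from RFC 2868 / RFC 3580.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
VLAN, IEEE_802 = 13, 6


def attr(atype, value):
    """Encode one RADIUS attribute (type, length, value)."""
    return bytes([atype, len(value) + 2]) + value


def iter_attributes(data):
    """Yield (type, value) pairs, rejecting malformed lengths."""
    i = 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        atype, alen = data[i], data[i + 1]
        if alen < 2 or i + alen > len(data):
            raise ValueError("bad attribute length")
        yield atype, data[i + 2:i + alen]
        i += alen


def vlan_from_attributes(data):
    """Return the VLAN ID only if all three attributes are present and valid."""
    seen = {}
    for atype, value in iter_attributes(data):
        if atype in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE):
            if len(value) != 4:
                return None
            seen[atype] = int.from_bytes(value[1:], "big")  # skip tag byte
        elif atype == TUNNEL_PRIVATE_GROUP_ID:
            # A first byte of 0x00-0x1F is a tag; anything else is VLAN ID text.
            text = value[1:] if value and value[0] <= 0x1F else value
            if not text.isdigit():
                return None
            seen[atype] = int(text)
    vlan = seen.get(TUNNEL_PRIVATE_GROUP_ID)
    if seen.get(TUNNEL_TYPE) != VLAN or seen.get(TUNNEL_MEDIUM_TYPE) != IEEE_802:
        return None
    return vlan if vlan is not None and 1 <= vlan <= 4094 else None


# Constructed sample: attribute section of an Access-Accept assigning VLAN 20.
SAMPLE_ACCEPT = (attr(64, b"\x00\x00\x00\x0d") + attr(65, b"\x00\x00\x00\x06")
                 + attr(81, b"\x00" + b"20"))

if __name__ == "__main__":
    print(vlan_from_attributes(SAMPLE_ACCEPT))
```

A result of None means the reply does not carry a usable VLAN assignment, which is the case to investigate on the RADIUS server side.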
Commands
show policy maptable response
Displays the current policy maptable response setting. When VLAN authorization is enabled (as
described in this section) and the policy maptable response is tunnel, you can use the set
Notes: The D2 cannot simultaneously support Policy and RFC 3580 on the same port. If multiple
users are configured to use a port, and the D2 is then switched from "policy" mode to RFC-3580
"tunnel" mode, the total number of users supported to use a port will be reset to one.
A policy license, if applicable, is not required to run RFC3580.
For information about... Refer to page...
show policy maptable response 17-45
set policy maptable response 17-46
set vlanauthorization 17-47
set vlanauthorization egress 17-48
clear vlanauthorization 17-48
show vlanauthorization 17-49