3com 8807 Guia Do Utilizador
244
C
HAPTER
26: AAA
AND
RADIUS/HWTACACS P
ROTOCOL
C
ONFIGURATION
Configuring Dynamic
VLAN Delivering
Dynamic VLAN delivering aims to control the network resources available to a user.
With this function enabled, a switch adds the ports connecting to authenticated
users to specified VLANs according to the attribute values delivered by the RADIUS
server. In actual use, ports are usually set to operate in port-based mode in order
to work together with Guest VLAN. A port operating in MAC address-based mode
can only have one host connected to it.
With this function enabled, a switch adds the ports connecting to authenticated
users to specified VLANs according to the attribute values delivered by the RADIUS
server. In actual use, ports are usually set to operate in port-based mode in order
to work together with Guest VLAN. A port operating in MAC address-based mode
can only have one host connected to it.
Currently, the VLAN IDs delivered by RADIUS servers can be of integer or string
type.
type.
■
As for a VLAN ID that is of integer type, a switch adds the port to the
corresponding VLAN according to the VLAN ID delivered by the RADIUS server.
If the VLAN does not exist, the switch creates the VLAN first and then adds
ports to the VLAN.
corresponding VLAN according to the VLAN ID delivered by the RADIUS server.
If the VLAN does not exist, the switch creates the VLAN first and then adds
ports to the VLAN.
■
As for a VLAN ID that is of string type, a switch compares the VLAN ID delivered
by the RADIUS server with the names of the VLANs existing on the switch. If a
matching entry is found, the switch adds the port to the corresponding VLAN.
Otherwise, the delivery fails and the user fails to pass the authentication.
by the RADIUS server with the names of the VLANs existing on the switch. If a
matching entry is found, the switch adds the port to the corresponding VLAN.
Otherwise, the delivery fails and the user fails to pass the authentication.
n
■
When configuring a VLAN delivering mode, keep the mode configured on the
switch consistent with the mode configured on the Radius Server..
switch consistent with the mode configured on the Radius Server..
■
For the string delivery mode, the value range of the VLAN name supported by
the switch is 1-32 characters. If the name configured on the Radius Server
exceeds 32 characters, the delivery will fail.
the switch is 1-32 characters. If the name configured on the Radius Server
exceeds 32 characters, the delivery will fail.
■
For the string delivery mode, a string that contains numerals only is first
interpreted as a number. That is, if the VLAN name delivered by the RADIUS
server contains only numerals (such as "1024"), and the equivalent integer is
within the range 1 to 4,094, the switch takes the VLAN name as an integer and
add the authenticated port to the VLAN identified by the integer (In this case,
the switch will add the port to VLAN 1024). If the equivalent integer is not
within the range 1 to 4,094 (such as string "12345"), the RADIUS server fails
to deliver the VALN name; if the all-numeral string contains space, such as " 12
345", the first block of non-spaced numbers in the string will be converted into
its equivalent integer, namely, integer 12 in this example.
interpreted as a number. That is, if the VLAN name delivered by the RADIUS
server contains only numerals (such as "1024"), and the equivalent integer is
within the range 1 to 4,094, the switch takes the VLAN name as an integer and
add the authenticated port to the VLAN identified by the integer (In this case,
the switch will add the port to VLAN 1024). If the equivalent integer is not
within the range 1 to 4,094 (such as string "12345"), the RADIUS server fails
to deliver the VALN name; if the all-numeral string contains space, such as " 12
345", the first block of non-spaced numbers in the string will be converted into
its equivalent integer, namely, integer 12 in this example.
■
Hybrid ports and Trunk ports do not support VLAN delivering; only Access ports
support VLAN delivering.
support VLAN delivering.
Dynamic VLAN delivering configuration includes:
■
Configuring VLAN delivery mode (integer or string)
■
Configuring the name of the delivered VLAN
Configuring VLAN delivery mode
Perform the following configuration in ISP domain view.
Table 205 Configure VLAN delivery mode
Operation
Command
Configure the VLAN delivery mode to be integer
vlan-assignment-mode integer
Configure the VLAN delivery mode to be string
vlan-assignment-mode string