ZyXEL Communications 4728F User Manual
Chapter 25 AAA
XGS-4526/4528F/4728F User’s Guide
253
25.2.5 Tunnel Protocol Attribute
You can configure tunnel protocol attributes on the RADIUS server (refer to your
RADIUS server documentation) to assign a port on the Switch to a VLAN based on
IEEE 802.1x authentication. The port VLAN settings are fixed and untagged. This
will also set the port’s VID. The following table describes the values you need to
configure. Note that these attributes only work when you enable authorization
(see
RADIUS server documentation) to assign a port on the Switch to a VLAN based on
IEEE 802.1x authentication. The port VLAN settings are fixed and untagged. This
will also set the port’s VID. The following table describes the values you need to
configure. Note that these attributes only work when you enable authorization
(see
).
Egress Bandwidth
Assignment
Assignment
Vendor-Id = 890
Vendor-Type = 2
Vendor-data =
egress rate (Kbps in decimal format)
Privilege
Assignment
Assignment
Vendor-ID = 890
Vendor-Type = 3
Vendor-Data = "shell:priv-lvl=N"
or
Vendor-ID = 9
(CISCO)
Vendor-Type = 1
(CISCO-AVPAIR)
Vendor-Data = "shell:priv-lvl=N"
where
N
is a privilege level (from 0 to 14).
Note: If you set the privilege level of a login account differently
on the RADIUS server(s) and the Switch, the user is
assigned a privilege level from the database (RADIUS or
local) the Switch uses first for user authentication.
assigned a privilege level from the database (RADIUS or
local) the Switch uses first for user authentication.
Table 72 Supported VSAs
FUNCTION
ATTRIBUTE
Table 73 Supported Tunnel Protocol Attribute
FUNCTION
ATTRIBUTE
VLAN Assignment
Tunnel-Type = VLAN(13)
Tunnel-Medium-Type = 802(6)
Tunnel-Private-Group-ID =
VLAN ID
Note: You must also create a VLAN with the specified VID on
the Switch.
Note: The bolded values in this table are fixed values as defined
in RFC 3580.