3com 5500-SI Manual De Usuario
Dynamic VLAN Assignment 417
Dynamic VLAN
Assignment
Assignment
Through dynamic VLAN assignment, the Ethernet switch dynamically adds the ports
of the successfully authenticated users to different VLANs depending on the attribute
values assigned by RADIUS server, so as to control the network resources the users
can access.
of the successfully authenticated users to different VLANs depending on the attribute
values assigned by RADIUS server, so as to control the network resources the users
can access.
Currently, the switch supports the following two data types of VLAN IDs assigned by
RADIUS authentication server:
RADIUS authentication server:
■
Integer: The switch adds the port to a VLAN depending on the integer type of
VLAN ID assigned by the RADIUS authentication server. If the VLAN does not exist,
the switch creates the VLAN, and then adds the port to the new VLAN.
VLAN ID assigned by the RADIUS authentication server. If the VLAN does not exist,
the switch creates the VLAN, and then adds the port to the new VLAN.
■
String: The switch compares the character string type of VLAN ID assigned by the
RADIUS authentication server with the existing VLAN names on it. If the switch
finds a match, it adds the port to the corresponding VLAN; otherwise the VLAN
assignment fails and the user fails to pass the authentication.
RADIUS authentication server with the existing VLAN names on it. If the switch
finds a match, it adds the port to the corresponding VLAN; otherwise the VLAN
assignment fails and the user fails to pass the authentication.
In actual application, to co-operate with Guest VLAN, port control is usually set to the
port-based mode. If it is set to the MAC address-based mode, each port can have
only one user end connected.
port-based mode. If it is set to the MAC address-based mode, each port can have
only one user end connected.
Configuring Dynamic
VLAN Assignment
In string mode, if the VLAN name assigned by the RADIUS server is a string that
contains only digital characters (for example, 1024) and the string can be transformed
to an integer number in the valid VLAN range, the switch transforms this string to an
integer number and adds the authenticated port to the VLAN whose ID is this number
(VLAN 1024, for example).
contains only digital characters (for example, 1024) and the string can be transformed
to an integer number in the valid VLAN range, the switch transforms this string to an
integer number and adds the authenticated port to the VLAN whose ID is this number
(VLAN 1024, for example).
If you want to implement the dynamic VLAN assignment function on a port where
both MSTP multi-instance and 802.1x is enabled, you must set the MSTP port to an
edge port.
both MSTP multi-instance and 802.1x is enabled, you must set the MSTP port to an
edge port.
Configuration Example
for Dynamic VLAN
Assignment
Network requirements
■
The RADIUS authentication server (in this example, a Windows IAS server) assigns
a string type of VLAN ID (test).
a string type of VLAN ID (test).
■
The VLAN name corresponding to this assigned VLAN ID is vlan 100.
■
It is required that the switch adds the port to vlan 100 when test is assigned by the
RADIUS server.
RADIUS server.
Configure dynamic VLAN assignment
Operation
Command
Description
Enter system view
system-view
—
Create an ISP domain and
enter its view
enter its view
domain isp-name
—
Set the VLAN assignment
mode to integer
mode to integer
vlan-assignment-mode
integer
integer
By default, this mode is integer.
Set the VLAN assignment
mode to string
mode to string
vlan-assignment-mode string
You must perform one of the two
operations (this one and the
above one)
operations (this one and the
above one)
Create a VLAN and enter its
view
view
vlan vlan_id
—
Set a name for the assigned
VLAN
VLAN
name string
This operation is required when
the VLAN assignment mode is set
to string.
the VLAN assignment mode is set
to string.