Netgear GSM7228PS - ProSAFE 28 ports Gigabit Ethernet L2 Managed Stackable Switch with PoE Administration Guide

Chapter 14.  Security Management | 249
ProSafe 7000 Managed Switch Release 8.0.3
• After a port is in an authorized state, if any client initiates dot1x authentication, the port clears authenticated clients’ states, and in the process clears the VLAN assigned to the port (if any). Then the port continues with the new client authentication and authorization process.
• When a client authenticates itself initially on the network, the switch acts as the authenticator to the clients on the network and forwards the authentication request to the RADIUS server in the network.

For use in VLAN assignment, the following tunnel attributes are used:
• Tunnel-Type = VLAN (13)
• Tunnel-Medium-Type = 802
• Tunnel-Private-Group-ID = VLANID where VLANID is 12 bits, with a value between 1 and 4094.

[Figure: network diagram with a RADIUS server (192.168.0.1), a host (192.168.0.3) and the switch (192.168.0.5); labels for ports 1/0/5, 1/0/6 and 1/0/12 and for vlan2000.]
Figure 28. VLAN assignment using RADIUS

In the previous figure, the switch has placed the host in the VLAN (vlan2000) based on the user details of the clients.

The configuration on a RADIUS server for a user logged in as admin is:
• Tunnel-Type = VLAN (13)
• Tunnel-Medium-Type = 802
• Tunnel-Private-Group-ID = 2000
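
The three tunnel attributes above, checked the way an authenticator or a test harness could check them before trusting the VLAN, as an added example that is not from the NETGEAR manual or the switch firmware. The attribute numbers 64, 65 and 81 and the numeric value 6 for 802 are taken from RFC 2868 and RFC 3580, not from this page, and the function names are hypothetical.

```python
# Attribute numbers 64/65/81 come from RFC 2868 (assumption: not on this page);
# the values 13 (VLAN) and 6 (802) come from RFC 3580.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TYPE_VLAN, MEDIUM_802 = 13, 6

def parse_attributes(body: bytes) -> dict:
    """Split a RADIUS attribute list into {type: value}; reject bad lengths."""
    attrs, pos = {}, 0
    while pos < len(body):
        if pos + 2 > len(body):
            raise ValueError("truncated attribute header")
        atype, alen = body[pos], body[pos + 1]
        if alen < 2 or pos + alen > len(body):
            raise ValueError(f"bad length in attribute {atype}")
        attrs[atype] = body[pos + 2:pos + alen]
        pos += alen
    return attrs

def tagged_int(value: bytes) -> int:
    """Tunnel-Type and Tunnel-Medium-Type: one tag octet, then a 3-octet integer."""
    if len(value) != 4:
        raise ValueError("expected tag octet + 3-octet value")
    return int.from_bytes(value[1:], "big")

def assigned_vlan(body: bytes) -> int:
    """Return the VLAN ID, or raise ValueError if the reply must not be used."""
    attrs = parse_attributes(body)
    for needed in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID):
        if needed not in attrs:
            raise ValueError(f"attribute {needed} missing")
    if tagged_int(attrs[TUNNEL_TYPE]) != TYPE_VLAN:
        raise ValueError("Tunnel-Type is not VLAN (13)")
    if tagged_int(attrs[TUNNEL_MEDIUM_TYPE]) != MEDIUM_802:
        raise ValueError("Tunnel-Medium-Type is not 802")
    group = attrs[TUNNEL_PRIVATE_GROUP_ID]
    if group and group[0] <= 0x1F:  # optional tag octet precedes the string
        group = group[1:]
    text = group.decode("ascii", errors="replace")
    if not (text.isdigit() and 1 <= int(text) <= 4094):
        raise ValueError(f"VLAN ID {text!r} outside 1-4094")
    return int(text)

def attr(atype: int, value: bytes) -> bytes:
    """Encode one attribute as type, length, value (used for the sample only)."""
    return bytes([atype, len(value) + 2]) + value

# Constructed sample: the attributes listed above for user admin (VLAN 2000).
SAMPLE = attr(64, b"\x00\x00\x00\x0d") + attr(65, b"\x00\x00\x00\x06") + attr(81, b"2000")
```

A reply that fails any of these checks carries no usable VLAN assignment; 0 and 4095 are rejected because the page limits VLANID to 1 through 4094.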

CLI: Assign VLANs Using RADIUS
1. Create VLAN 2000.
(Netgear Switch) #network protocol none
Changing protocol mode will reset ip configuration.
Are you sure you want to continue? (y/n) y
(Netgear Switch) #network parms 192.168.0.5 255.255.255.0
(Netgear Switch) #vlan database
(Netgear Switch) (Vlan)#vlan 2000
(Netgear Switch) (Vlan)#exit