3com WX3000 Manuel D’Utilisation
2-6
upon receiving an integer ID assigned by the RADIUS authentication server, the device adds the
port to the VLAN whose VLAN ID is equal to the assigned integer ID. If no such a VLAN exists, the
device first creates a VLAN with the assigned ID, and then adds the port to the newly created
VLAN.
z
String: If the RADIUS authentication server assigns string type of VLAN IDs, you can set the VLAN
assignment mode to string on the device. Then, upon receiving a string ID assigned by the
RADIUS authentication server, the device compares the ID with existing VLAN names on the
device. If it finds a match, it adds the port to the corresponding VLAN. Otherwise, the VLAN
assignment fails and the user fails the authentication.
In actual applications, to use this feature together with Guest VLAN, you should better set port control to
port-based mode. For more information, refer to the section discussing basic 802.1x configuration in
802.1x Operation.
Follow these steps to configure dynamic VLAN assignment
To do…
Use the command…
Remarks
Enter system view
system-view
—
Create an ISP domain and
enter its view
enter its view
domain isp-name —
Set the VLAN assignment
mode
mode
vlan-assignment-mode
{ integer | string }
{ integer | string }
Optional
By default, the VLAN
assignment mode is integer.
assignment mode is integer.
Create a VLAN and enter its
view
view
vlan vlan-id
—
Set a VLAN name for VLAN
assignment
assignment
name string
This operation is required if the
VLAN assignment mode is set
to string.
VLAN assignment mode is set
to string.
z
In string mode, if the VLAN ID assigned by the RADIUS server is a character string containing only
digits (for example, 1024), the device first regards it as an integer VLAN ID: the device transforms
the string to an integer value and judges if the value is in the valid VLAN ID range; if it is, the device
adds the authenticated port to the VLAN with the integer value as the VLAN ID (VLAN 1024, for
example).
z
To implement dynamic VLAN assignment on a port where both MSTP and 802.1x are enabled, you
must set the MSTP port to an edge port.
Configuring the Attributes of a Local User
When local scheme is chosen as the AAA scheme, you should create local users on the device and
configure the relevant attributes.
The local users are users set on the device, with each user uniquely identified by a user name. To make
a user who is requesting network service pass local authentication, you should add an entry in the local
user database on the device for the user.