Netgear XCM8806 - 8800 SERIES 6-SLOT CHASSIS SWITCH ユーザーズマニュアル

If network login is enabled together with STP, the 'a' and 'u' flags are 

controlled by network login only when the STP port state is 
‘Forwarding.’

The following example configures the network login MAC-based VLAN feature: 

create vlan users12

create vlan nlvlan

configure netlogin vlan nlvlan

enable netlogin mac

enable netlogin ports 1:1-1:10 mac

configure netlogin ports 1:1-1:10 mode mac-based-vlans

configure netlogin add mac-list default MySecretPassword

Expanding upon the previous example, you can also utilize the local database for 
authentication rather than the RADIUS server:

create netlogin local-user 000000000012 vlan-vsa untagged default

create netlogin local-user 000000000010 vlan-vsa untagged users12

For more information about local database authentication, see 

on page 397.

Configuring Dynamic VLANs for Network Login

During an authentication request, network login receives a destination VLAN (if configured on 
the RADIUS server) to put the authenticated user in. The VLAN must exist on the switch for 
network login to authenticate the client on that VLAN. 

You can configure the switch to dynamically create a VLAN after receiving an authentication 
response from a RADIUS server. A dynamically created VLAN is only a Layer 2 bridging 
mechanism; this VLAN does not work with routing protocols to forward traffic. If configured for 
dynamic VLAN creation, the switch automatically creates a supplicant VLAN that contains 
both the supplicant’s physical port and one or more uplink ports. After the switch 
unauthenticates all of the supplicants from the dynamically created VLAN, the switch deletes 
that VLAN.

Dynamically created VLANs do not support the session refresh 

feature of web-based network login because dynamically created 
VLANs do not have an IP address.