ZyXEL Communications MES3500-24 User Manual

Chapter 25 AAA
MES3500-24/24F User’s Guide
The following table describes the VSAs supported on the Switch. Note that these attributes only 
work when you enable authorization (see 
).
25.2.5  Tunnel Protocol Attribute 
You can configure tunnel protocol attributes on the RADIUS server (refer to your RADIUS server 
documentation) to assign a port on the Switch to a VLAN based on IEEE 802.1x authentication. The 
port VLAN settings are fixed and untagged. This will also set the port’s VID. The following table 
describes the values you need to configure. Note that these attributes only work when you enable 
authorization (see 
).
25.3  Supported RADIUS Attributes
Remote Authentication Dial-In User Service (RADIUS) attributes are data used to define specific 
authentication and accounting elements in a user profile, which is stored on the RADIUS server. 
This section lists the RADIUS attributes supported by the Switch.
Table 70   Supported VSAs
FUNCTION                        ATTRIBUTE
Ingress Bandwidth Assignment    Vendor-Id = 890
                                Vendor-Type = 1
                                Vendor-data = ingress rate (Kbps in decimal format)
Egress Bandwidth Assignment     Vendor-Id = 890
                                Vendor-Type = 2
                                Vendor-data = egress rate (Kbps in decimal format)
Privilege Assignment            Vendor-ID = 890
                                Vendor-Type = 3
                                Vendor-Data = "shell:priv-lvl=N"
                                or
                                Vendor-ID = 9 (CISCO)
                                Vendor-Type = 1 (CISCO-AVPAIR)
                                Vendor-Data = "shell:priv-lvl=N"
                                where N is a privilege level (from 0 to 14).
                                Note: If you set the privilege level of a login account
                                differently on the RADIUS server(s) and the Switch, the user
                                is assigned a privilege level from the database (RADIUS or
                                local) the Switch uses first for user authentication.
Table 71   Supported Tunnel Protocol Attribute
FUNCTION                        ATTRIBUTE
VLAN Assignment                 Tunnel-Type = VLAN(13)
                                Tunnel-Medium-Type = 802(6)
                                Tunnel-Private-Group-ID = VLAN ID
                                Note: You must also create a VLAN with the specified VID
                                on the Switch.
Note: The bolded values in this table are fixed values as defined in RFC 3580.
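
The following is an added example, not taken from the ZyXEL guide: Python that decodes the attributes of Tables 70 and 71 from a RADIUS reply's attribute bytes and flags values outside what the tables specify. It assumes the standard RFC 2865/2868 attribute layouts and ASCII vendor data; the function names and the two sample replies are constructed for illustration.

```python
import struct

ZYXEL, CISCO, PREFIX = 890, 9, b"shell:priv-lvl="  # values from Table 70

def attr(atype, value):
    """Encode one attribute as Type, Length, Value (RFC 2865 layout)."""
    return bytes([atype, len(value) + 2]) + value

def vsa(vendor_id, vendor_type, data):
    """Encode Vendor-Specific (type 26) carrying a single sub-attribute."""
    return attr(26, struct.pack("!I", vendor_id) + attr(vendor_type, data))

def parse(buf):
    """Yield (type, value) for each attribute, rejecting inconsistent lengths."""
    i = 0
    while i < len(buf):
        if i + 2 > len(buf) or buf[i + 1] < 2 or i + buf[i + 1] > len(buf):
            raise ValueError("malformed attribute at offset %d" % i)
        yield buf[i], buf[i + 2:i + buf[i + 1]]
        i += buf[i + 1]

def audit(buf):
    """Return (priv_lvl, vlan_id, problems) for the attributes of one reply."""
    priv, vlan, tun, problems = None, None, {}, []
    for atype, v in parse(buf):
        if atype == 26 and len(v) >= 6:           # Vendor-Specific
            vendor, vtype, data = struct.unpack("!I", v[:4])[0], v[4], v[6:4 + v[5]]
            if (vendor, vtype) in ((ZYXEL, 3), (CISCO, 1)) and data.startswith(PREFIX):
                n = data[len(PREFIX):]
                if n.isdigit() and int(n) <= 14:  # Table 70: N is 0 to 14
                    priv = int(n)
                else:
                    problems.append("priv-lvl outside 0-14: %r" % n)
        elif atype in (64, 65) and len(v) == 4:   # Tunnel-Type / Tunnel-Medium-Type
            tun[atype] = int.from_bytes(v[1:], "big")  # skip the 1-byte tag
        elif atype == 81 and v:                   # Tunnel-Private-Group-ID
            s = v[1:] if v[0] <= 0x1F else v      # a leading byte <= 0x1F is a tag
            if s.isdigit() and 1 <= int(s) <= 4094:    # 802.1Q VID range (assumed check)
                vlan = int(s)
            else:
                problems.append("VLAN ID not a valid VID: %r" % s)
    if vlan is not None and (tun.get(64), tun.get(65)) != (13, 6):
        problems.append("VLAN needs Tunnel-Type=13 and Tunnel-Medium-Type=6")
    return priv, vlan, problems

# Constructed sample replies (not captured traffic).
GOOD = (vsa(ZYXEL, 3, b"shell:priv-lvl=13") + attr(64, b"\x00\x00\x00\x0d")
        + attr(65, b"\x00\x00\x00\x06") + attr(81, b"100"))
BAD = vsa(CISCO, 1, b"shell:priv-lvl=15") + attr(81, b"100")
```

Calling `audit(GOOD)` returns the privilege level and VLAN with no problems, while `audit(BAD)` reports the out-of-range privilege level and the missing fixed tunnel values.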