3com 4210 PWR 9-Port 3CR17341-91-ME 用户手册
产品代码
3CR17341-91-ME
AAA Configuration Task List
249
■
Integer: If the RADIUS authentication server assigns integer type of VLAN IDs,
you can set the VLAN assignment mode to integer on the switch (this is also
the default mode on the switch). Then, upon receiving an integer ID assigned
by the RADIUS authentication server, the switch adds the port to the VLAN
whose VLAN ID is equal to the assigned integer ID. If no such a VLAN exists, the
switch first creates a VLAN with the assigned ID, and then adds the port to the
newly created VLAN.
you can set the VLAN assignment mode to integer on the switch (this is also
the default mode on the switch). Then, upon receiving an integer ID assigned
by the RADIUS authentication server, the switch adds the port to the VLAN
whose VLAN ID is equal to the assigned integer ID. If no such a VLAN exists, the
switch first creates a VLAN with the assigned ID, and then adds the port to the
newly created VLAN.
■
String: If the RADIUS authentication server assigns string type of VLAN IDs, you
can set the VLAN assignment mode to string on the switch. Then, upon
receiving a string ID assigned by the RADIUS authentication server, the switch
compares the ID with existing VLAN names on the switch. If it finds a match, it
adds the port to the corresponding VLAN. Otherwise, the VLAN assignment
fails and the user fails the authentication.
can set the VLAN assignment mode to string on the switch. Then, upon
receiving a string ID assigned by the RADIUS authentication server, the switch
compares the ID with existing VLAN names on the switch. If it finds a match, it
adds the port to the corresponding VLAN. Otherwise, the VLAN assignment
fails and the user fails the authentication.
In actual applications, to use this feature together with Guest VLAN, you should
better set port control to port-based mode. For more information, refer to “802.1x
Configuration” on page 211.
better set port control to port-based mode. For more information, refer to “802.1x
Configuration” on page 211.
c
CAUTION:
■
In string mode, if the VLAN ID assigned by the RADIUS server is a character
string containing only digits (for example, 1024), the switch first regards it as
an integer VLAN ID: the switch transforms the string to an integer value and
judges if the value is in the valid VLAN ID range; if it is, the switch adds the
authenticated port to the VLAN with the integer value as the VLAN ID (VLAN
1024, for example).
string containing only digits (for example, 1024), the switch first regards it as
an integer VLAN ID: the switch transforms the string to an integer value and
judges if the value is in the valid VLAN ID range; if it is, the switch adds the
authenticated port to the VLAN with the integer value as the VLAN ID (VLAN
1024, for example).
■
To implement dynamic VLAN assignment on a port where both MSTP and
802.1x are enabled, you must set the MSTP port to an edge port.
802.1x are enabled, you must set the MSTP port to an edge port.
Configuring the
Attributes of a Local
User
When local scheme is chosen as the AAA scheme, you should create local users
on the switch and configure the relevant attributes.
on the switch and configure the relevant attributes.
The local users are users set on the switch, with each user uniquely identified by a
user name. To make a user who is requesting network service pass local
authentication, you should add an entry in the local user database on the switch
for the user.
user name. To make a user who is requesting network service pass local
authentication, you should add an entry in the local user database on the switch
for the user.
Table 185 Configure dynamic VLAN assignment
Operation
Command
Remarks
Enter system view
system-view
-
Create an ISP domain and
enter its view
enter its view
domain isp-name
-
Set the VLAN assignment
mode
mode
vlan-assignment-mode {
integer | string }
integer | string }
Optional
By default, the VLAN
assignment mode is integer.
assignment mode is integer.
Create a VLAN and enter its
view
view
vlan vlan-id
-
Set a VLAN name for VLAN
assignment
assignment
name string
This operation is required if
the VLAN assignment mode is
set to string.
the VLAN assignment mode is
set to string.