ZyXEL Communications GS-2724 User Manual

Chapter 16 Port Authentication

GS-2724 User’s Guide

122

"

Refer to the documentation that comes with your RADIUS server on how to
configure a VSA.

The following table describes the VSAs supported on the Switch.

16.1.1.2 Tunnel Protocol Attribute

You can configure tunnel protocol attributes on the RADIUS server to assign a port on the
Switch to a VLAN (fixed, untagged). This will also set the port’s VID. Refer to RFC 3580 for
more information.

Table 35 Supported VSA

FUNCTION

ATTRIBUTE

Ingress Bandwidth

Assignment

Vendor-Id = 890

(ZyXEL)

Vendor-Type = 1
Vendor-data =

ingress rate (decimal)

Egress Bandwidth

Assignment

Vendor-Id = 890

(ZyXEL)

Vendor-Type = 2
Vendor-data =

egress rate (decimal)

Privilege Assignment

Vendor-ID = 890

(ZyXEL)

Vendor-Type = 3
Vendor-Data = "shell:priv-lvl=N"
or
Vendor-ID = 9

(CISCO)

Vendor-Type = 1

(CISCO-AVPAIR)

Vendor-Data = "shell:priv-lvl=N"
where

N

is a privilege level (from 0 to 14).

Note: If you set the privilege level of a login account differently

on the RADIUS server(s) and the Switch, the user is
assigned a privilege level from the database (RADIUS or
local) the Switch uses first for user authentication.

Table 36 Supported Tunnel Protocol Attribute

FUNCTION

ATTRIBUTE

VLAN Assignment

Tunnel-Type = VLAN(13)
Tunnel-Medium-Type = 802(6)
Tunnel-Private-Group-ID =

VLAN ID

Note: You must also create a VLAN with the specified VID on

the Switch.