Single operating mode, Multiple operating mode, Supplicant vlan attributes on the radius server – Allied Telesis AT-S63 User Manual
Page 395
AT-S63 Management Software Features Guide
Section VIII: Port Security
395
Single Operating
Mode
Here are the operating characteristics for the switch when an authenticator
port is set to the Single operating mode:
If the switch receives a valid VLAN ID or VLAN name from the RADIUS
server, it moves the authenticator port to the designated VLAN and
changes the port to the authorized state. If the piggy-back mode is
disabled, only the authenticated supplicant is allowed to use the port.
All other supplicants are denied entry. If the piggy-back mode is
enabled, all clients are allowed access to the port and the same VLAN
after the initial authentication.
If the switch receives an invalid VLAN ID or VLAN name from the
RADIUS server (e.g., the VID of a nonexistent VLAN), it leaves the port
in the unauthorized state to deny access to the port.
Multiple
Operating Mode
The initial authentication on an authenticator port running in the Multiple
operating mode is handled in the same fashion as with the Single
operating mode. If the switch receives a valid VLAN ID or name from the
RADIUS server, it moves the authenticator port to the designated VLAN
and changes the port to the authorized state.
How the switch handles subsequent authentications on the same port
depends on how you set the Secure VLAN parameter. Your options are as
follows:
If you activate the Secure VLAN feature, only those supplicants with
the same VLAN assignment as the initial supplicant are authenticated.
Supplicants with different VLAN assignments or with no VLAN
assignment are denied access to the port.
If you disable the Secure VLAN feature, all supplicants, regardless of
their assigned VLANs, are authenticated. However, the port remains in
the VLAN specified in the initial authentication.
Supplicant VLAN
Attributes on the
RADIUS Server
The following information must be entered as part of a supplicant’s
account on the RADIUS server when associating a supplicant to a VLAN.
Tunnel-Type
The protocol to be used by the tunnel specified by Tunnel-Private-
Group-Id. The only supported value is VLAN (13).
Tunnel-Medium-Type
The transport medium to be used for the tunnel specified by Tunnel-
Private-Group-Id. The only supported value is 802 (6).
Tunnel-Private-Group-ID
The ID of the tunnel the authenticated user should use. This must be
the name of VID of the VLAN of the switch.