Allied Telesis AT-S63 User Manual

Chapter 14: 802.1x Port-based Network Access Control

232

Section VI: Port Security

VLAN Assignment

Controls whether an authenticator port
uses the VLAN assignments returned by a
RADIUS server. Options are:

Enabled - Specifies that the authenticator
port is to use the VLAN assignment
returned by the RADIUS server when a
supplicant logs on. This is the default
setting. The port automatically moves to
the designated VLAN after the supplicant
successfully logs on.

Disabled - Specifies that the authenticator
port ignore any VLAN assignment
information returned by the RADIUS
server when a supplicant logs on. The
authenticator port remains in its
predefined VLAN assignment even if the
RADIUS server returns a VLAN
assignment when a supplicant logs on.
This is the default setting.

Secure VLAN

Controls the action of an authenticator
port to subsequent authentications after
the initial authentication where VLAN
assignments have been added to the user
accounts on the RADIUS server. This
parameter only applies when the port is
operating in the Multiple operating mode.
Possible settings are:

On - Specifies that only those supplicants
with the same VLAN assignment as the
initial supplicant are authenticated.
Supplicants with a different or no VLAN
assignment are denied entry to the port.
This is the default setting.

Off - Specifies that all supplicants,
regardless of their assigned VLANs, are
authenticated. However, the port remains
in the VLAN specified in the initial
authentication, regardless of the VLAN
assignments of subsequent
authentications.

Table 41. 802.1 Authenticator Port Parameters

Parameter

Definition