Configuring dynamic vlan assignment – H3C Technologies H3C S3100 Series Switches User Manual

Page 422

Advertising
background image

2-8

Configuring Dynamic VLAN Assignment

The dynamic VLAN assignment feature enables a switch to dynamically add the switch ports of

successfully authenticated users to different VLANs according to the attributes assigned by the

RADIUS server, so as to control the network resources that different users can access.

Currently, the switch supports the following two types of assigned VLAN IDs: integer and string.

z

Integer: If the RADIUS authentication server assigns integer type of VLAN IDs, you can set the

VLAN assignment mode to integer on the switch (this is also the default mode on the switch). Then,

upon receiving an integer ID assigned by the RADIUS authentication server, the switch adds the

port to the VLAN whose VLAN ID is equal to the assigned integer ID. If no such a VLAN exists, the

switch first creates a VLAN with the assigned ID, and then adds the port to the newly created

VLAN.

z

String: If the RADIUS authentication server assigns string type of VLAN IDs, you can set the VLAN

assignment mode to string on the switch. Then, upon receiving a string ID assigned by the RADIUS

authentication server, the switch compares the ID with existing VLAN names on the switch. If it

finds a match, it adds the port to the corresponding VLAN. Otherwise, the VLAN assignment fails

and the user fails the authentication.

In actual applications, to use this feature together with Guest VLAN, you should better set port control to

port-based mode. For more information, refer to the section “Basic 802.1x Configuration” of 802.1x

Operation Manual.

Table 2-6 Configure dynamic VLAN assignment

Operation

Command

Remarks

Enter system view

system-view

Create an ISP domain and
enter its view

domain isp-name

Set the VLAN assignment
mode

vlan-assignment-mode
{ integer | string }

Optional

By default, the VLAN assignment
mode is integer.

Create a VLAN and enter its
view

vlan vlan-id

Set a VLAN name for VLAN
assignment

name string

This operation is required if the VLAN
assignment mode is set to string.

Advertising
Popular Brands
Popular manuals