LevelOne GSW-4876 User Manual

Page 92

CHAPTER 4 | Configuring the Switch

Configuring Security

Failure to configure the received profiles on the authenticated port.

When the last user logs off on a port with a dynamic QoS assignment, the switch restores the original QoS configuration for the port.

When a user attempts to log into the network with a returned dynamic QoS profile that differs from the profile of users already logged on to the same port, the user is denied access.

While a port has an assigned dynamic QoS profile, any manual QoS configuration changes only take effect after all users have logged off the port.

RADIUS-Assigned VLAN Enabled - RADIUS-assigned VLAN provides a means to centrally control the VLAN on which a successfully authenticated supplicant is placed on the switch. Incoming traffic will be classified to and switched on the RADIUS-assigned VLAN. The RADIUS server must be configured to transmit special RADIUS attributes to take advantage of this feature.

The “RADIUS-Assigned VLAN Enabled” checkbox provides a quick way to globally enable/disable RADIUS-server assigned VLAN functionality. When checked, the individual port settings determine whether RADIUS-assigned VLAN is enabled for that port. When unchecked, RADIUS-server assigned VLAN is disabled for all ports.

When RADIUS-Assigned VLAN is both globally enabled and enabled for a given port, the switch reacts to VLAN ID information carried in the RADIUS Access-Accept packet transmitted by the RADIUS server when a supplicant is successfully authenticated. If present and valid, the port's Port VLAN ID will be changed to this VLAN ID, the port will be set to be a member of that VLAN ID, and the port will be forced into VLAN-unaware mode. Once assigned, all traffic arriving on the port will be classified and switched on the RADIUS-assigned VLAN ID.

If (re-)authentication fails, or the RADIUS Access-Accept packet no longer carries a VLAN ID or carries an invalid one, or the supplicant is otherwise no longer present on the port, the port's VLAN ID is immediately reverted to the original VLAN ID (which may have been changed by the administrator in the meantime without affecting the RADIUS-assigned setting).

This option is only available for single-client modes, i.e. port-based 802.1X and Single 802.1X.
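The assignment and revert rules above, modelled in Python as an added example (not taken from the manual or the switch firmware). It shows that an Access-Accept without a usable VLAN ID leaves the port on its administrator-configured VLAN. The mode labels and the 1-4094 validity check are assumptions; the manual only requires the VLAN ID to be "valid".

```python
from dataclasses import dataclass
from typing import Optional

# Mode labels are assumptions; the manual names port-based 802.1X and Single 802.1X.
SINGLE_CLIENT_MODES = {"port-based-802.1x", "single-802.1x"}


def valid_vlan(vid: Optional[int]) -> bool:
    # Assumption: "valid" means an 802.1Q VLAN ID in the range 1..4094.
    return isinstance(vid, int) and 1 <= vid <= 4094


@dataclass
class Port:
    configured_pvid: int                  # Port VLAN ID set by the administrator
    mode: str                             # 802.1X admin state of the port
    radius_vlan_enabled: bool = True      # per-port RADIUS-Assigned VLAN setting
    assigned_vlan: Optional[int] = None   # override taken from the last Access-Accept

    @property
    def effective_pvid(self) -> int:
        return self.assigned_vlan if self.assigned_vlan is not None else self.configured_pvid

    @property
    def vlan_unaware(self) -> bool:
        # The port is forced into VLAN-unaware mode while an override is active.
        return self.assigned_vlan is not None


class Switch:
    def __init__(self, global_radius_vlan: bool):
        self.global_radius_vlan = global_radius_vlan   # the global checkbox

    def on_auth_result(self, port: Port, accepted: bool, vlan_id: Optional[int] = None) -> int:
        """Apply one (re-)authentication outcome; return the effective Port VLAN ID."""
        usable = (accepted and self.global_radius_vlan and port.radius_vlan_enabled
                  and port.mode in SINGLE_CLIENT_MODES and valid_vlan(vlan_id))
        # Any outcome without a usable VLAN ID reverts the port immediately.
        port.assigned_vlan = vlan_id if usable else None
        return port.effective_pvid

    def on_supplicant_gone(self, port: Port) -> int:
        """The supplicant left the port: drop the override."""
        port.assigned_vlan = None
        return port.effective_pvid
```
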

NOTE: For troubleshooting VLAN assignments, use the Monitor > VLANs > VLAN Membership and VLAN Port pages. These pages show which modules have (temporarily) overridden the current Port VLAN configuration.
