PLANET SGSW-24040 User Manual

Page 230

User’s Manual of SGSW-24040 / 24240 Series

• Single 802.1X

RADIUS attributes used in identifying a QoS Class:

Refer to the written documentation for a description of the RADIUS attributes needed in order to successfully identify a QoS Class. The User-Priority-Table attribute defined in RFC4675 forms the basis for identifying the QoS Class in an Access-Accept packet.

Only the first occurrence of the attribute in the packet will be considered, and to be valid, it must follow this rule:

All 8 octets in the attribute's value must be identical and consist of ASCII characters in the range '0' - '3', which translates into the desired QoS Class in the range [0; 3].

RADIUS-Assigned VLAN Enabled

When RADIUS-Assigned VLAN is both globally enabled and enabled (checked) for a given port, the switch reacts to VLAN ID information carried in the RADIUS Access-Accept packet transmitted by the RADIUS server when a supplicant is successfully authenticated. If present and valid, the port's Port VLAN ID will be changed to this VLAN ID, the port will be set to be a member of that VLAN ID, and the port will be forced into VLAN unaware mode. Once assigned, all traffic arriving on the port will be classified and switched on the RADIUS-assigned VLAN ID.

If (re-)authentication fails, or the RADIUS Access-Accept packet no longer carries a VLAN ID or the VLAN ID is invalid, or the supplicant is otherwise no longer present on the port, the port's VLAN ID is immediately reverted to the original VLAN ID (which may be changed by the administrator in the meanwhile without affecting the RADIUS-assigned VLAN ID).

This option is only available for single-client modes, i.e.

• Port-based 802.1X

• Single 802.1X

For troubleshooting VLAN assignments, use the "Monitor→VLANs→VLAN Membership and VLAN Port" pages. These pages show which modules have (temporarily) overridden the current Port VLAN configuration.

RADIUS attributes used in identifying a VLAN ID:

RFC2868 and RFC3580 form the basis for the attributes used in identifying a VLAN ID in an Access-Accept packet. The following criteria are used:

- The Tunnel-Medium-Type, Tunnel-Type, and Tunnel-Private-Group-ID attributes must all be present at least once in the Access-Accept packet.

- The switch looks for the first set of these attributes that have the same
