Users Guide

Security Commands 938
Command Mode
Global Configuration mode
User Guidelines
The RADIUS server can place a port in a particular VLAN based on the result
of the authentication. VLAN assignment must be configured on the external
RADIUS server using the RADIUS TUNNEL-TYPE attribute and others. See
RADIUS Commands and Security Commands for further information.
If the port is configured to use authentication host-mode multi-auth or
multi-domain-multi-host and the port is configured as a general mode port,
each authenticating data device is placed into the assigned VLAN. Device
packets are identified by their source MAC address.
If the port is configured to use 802.1X port control auto mode and the port is
configured as an access mode port, the PVID of the port is updated for the
first data device authentication. Only the first assignment of the PVID takes
effect. All subsequent valid authentications will be placed into the first PVID
assigned, regardless of the received VLAN ID.
RADIUS-assigned VLANs may be dynamically created. Use the
authentication dynamic-vlan enable command to enable dynamic VLAN
creation.
Example
The following example enables RADIUS-assigned VLANs.
console(config)#aaa authorization network default radius
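When a port does not land in the expected VLAN, it helps to check what the RADIUS server actually returned. The following is an added example, not part of the original guide or vendor code: it decodes a constructed Access-Accept and reports the VLAN it carries. It assumes the "others" are the standard RFC 3580 set (Tunnel-Type=VLAN, Tunnel-Medium-Type=802, Tunnel-Private-Group-ID), and it does not verify the Response Authenticator.

```python
import struct

# RFC 2868 / RFC 3580 attribute numbers and the values that signal a VLAN.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TYPE_VLAN, MEDIUM_IEEE_802 = 13, 6
ACCESS_ACCEPT = 2


def radius_attr(attr_type, value):
    """Encode one attribute as type, length, value."""
    return bytes([attr_type, len(value) + 2]) + value


def build_sample_accept(vlan, tag=0):
    """Constructed Access-Accept (zeroed authenticator) used as sample input."""
    t = bytes([tag])
    attrs = (radius_attr(TUNNEL_TYPE, t + TYPE_VLAN.to_bytes(3, "big"))
             + radius_attr(TUNNEL_MEDIUM_TYPE, t + MEDIUM_IEEE_802.to_bytes(3, "big"))
             + radius_attr(TUNNEL_PRIVATE_GROUP_ID, (t if tag else b"") + vlan.encode()))
    return struct.pack("!BBH16s", ACCESS_ACCEPT, 1, 20 + len(attrs), bytes(16)) + attrs


def assigned_vlan(packet):
    """Return the VLAN string carried by an Access-Accept, or None when the
    tunnel attributes do not describe an 802 VLAN assignment."""
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Accept")
    found, pos = {}, 20
    while pos + 2 <= length:
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("bad attribute length")
        value = packet[pos + 2:pos + attr_len]
        if attr_type in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE) and len(value) == 4:
            found[attr_type] = int.from_bytes(value[1:], "big")  # skip tag octet
        elif attr_type == TUNNEL_PRIVATE_GROUP_ID and value:
            # A first octet of 0x01-0x1F is a tag; anything else is string data.
            found[attr_type] = (value[1:] if 1 <= value[0] <= 0x1F else value).decode()
        pos += attr_len
    if found.get(TUNNEL_TYPE) != TYPE_VLAN or found.get(TUNNEL_MEDIUM_TYPE) != MEDIUM_IEEE_802:
        return None
    return found.get(TUNNEL_PRIVATE_GROUP_ID)
```

A result of None means the reply lacks a complete VLAN assignment, so the fault is on the RADIUS server side rather than in the port configuration.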
aaa ias-user username
Use the aaa ias-user username command in Global Configuration mode to
configure IAS users and their attributes. Username and password attributes
are supported. The ias-user name is composed of up to 64 alphanumeric
characters. This command also changes the mode to User Configuration
mode. Use the no form of this command to remove the user from the internal
user database.
Syntax
aaa ias-user username user