3Com Switch 7750 Configuration Guide Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

491

492

493

494

495

496

497

498

499

500

500 CHAPTER 48: AAA & RADIUS & HWTACACS CONFIGURATION

executed, the authorization information returned from the RADIUS or local

scheme still takes effect.

Configuring Dynamic

VLAN Assignment

The dynamic VLAN assignment feature enables a switch to dynamically add the

switch ports of successfully authenticated users to different VLANs according to

the attributes assigned by the RADIUS server, so as to control the network

resources that different users can access.

Currently, the switch supports the RADIUS authentication server to assign the

following two types of VLAN IDs: integer and string.

■ Integer: If the RADIUS server assigns integer type of VLAN IDs, you can set the

VLAN assignment mode to integer on the switch (this is also the default mode

on the switch). Then, upon receiving an integer ID assigned by the RADIUS

authentication server, the switch adds the port to the VLAN whose VLAN ID is

equal to the assigned integer ID. If no such a VLAN exists, the switch first

creates a VLAN with the assigned ID, and then adds the port to the newly

created VLAN.

■ String: If the RADIUS server assigns string type of VLAN IDs, you can set the

VLAN assignment mode to string on the switch. Then, upon receiving a string

ID assigned by the RADIUS authentication server, the switch compares the ID

with existing VLAN names on the switch. If it finds a match, it adds the port to

the corresponding VLAN. Otherwise, the VLAN assignment fails and the user

cannot pass the authentication.

The switch supports the integer mode and string mode of dynamic VLAN

assignments to adapt to authentication server. Different servers assign VLANs in

different ways. You are recommended to configure the switch based on the mode

of dynamic VLAN assignment used by the server.

In actual applications, to use this feature together with Guest VLAN, you should

better set port control to port-based mode.

Tabl e 378 Common VLAN assignment modes for RADIUS server

Server type Dynamic VLAN assignment mode

CAMS

Integer (For the latest version, whether the

mode is integer or string depends on attribute

value.)

ACS String

FreeRADIUS

Determined by attribute value (A value of 100

represents the integer mode and a value of

"100" represents the string mode).

Shiva Access Manager String

Steel-Belted Radius Administrator String

Tabl e 379 Configure dynamic VLAN assignment

Operation Command Description

Enter system view system-view -

Create an ISP domain and

enter its view

domain isp-name -