Manualshelf

Manual

ManualsBrandsQTECH ManualsAccessories communicationQSW-3400 Инструкция по настройке
331332333334335336337338339340
+7(495) 797-3311 www.qtech.ru
Москва, Новозаводская ул., 18, стр. 1
330
When the MAC-based method is used, all the users accessing a port should be
authenticated separately, only those pass the authentication can access the network,
while the others can not. When one user becomes offline, the other users will not be
affected.
When the user-based (IP address+ MAC address+ port) method is used, all users can
access limited resources before being authenticated. There are two kinds of control in
this method: standard control and advanced control. The user-based standard control
will not restrict the access to limited resources, which means all users of this port can
access limited resources before being authenticated. The user-based advanced control
will restrict the access to limited resources, only some particular users of the port can
access limited resources before being authenticated. Once those users pass the
authentication, they can access all resources.
Attention: when using private supplicant systems, user-based advanced control is
recommended to effectively prevent ARP cheat.
The maximum number of the authenticated users can be 4000, but less than 2000 will be
preferred.
40.1.7 The Features of VLAN Allocation
1. Auto VLAN
Auto VLAN feature enables RADIUS server to change the VLAN to which the access port
belongs, based on the user information and the user access device information. When an
802.1x user passes authentication on the server, the RADIUS server will send the
authorization information to the device, if the RADIUS server has enabled the VLAN-assigning
function, then the following attributes should be included in the Access-Accept messages:
Tunnel-Type = VLAN (13)
Tunnel-Medium-Type = 802 (6)
Tunnel-Private-Group-ID = VLANID
The VLANID here means the VID of VLAN, ranging from 1 to 4094. For example, Tunnel-
Private-Group-ID = 30 means VLAN 30.
When the switch receives the assigned Auto VLAN information, the current Access port will
leave the VLAN set by the user and join Auto VLAN.
Auto VLAN won’t change or affect the port’s configuration. But the priority of Auto VLAN is
higher than that of the user-set VLAN, that is Auto VLAN is the one takes effect when the
authentication is finished, while the user-set VLAN do not work until the user become offline.