IronShield White Paper



Attribute Name             Type   Value
Tunnel-Type                064    13 (decimal) – VLAN
Tunnel-Medium-Type         065    6 (decimal) – 802
Tunnel-Private-Group-ID    081    (string) – either the name or the number of a VLAN configured on the Foundry device

 

The following occurs under Dynamic VLAN Assignment:

1.  When the user enters their 802.1X credentials, the Foundry device sends the information to the IAS server using the RADIUS protocol.

2.  The Remote Access Policies on the IAS server are used to determine if the user’s account is a member of a particular VLAN Group.  If the user account is part of a VLAN Group and the authentication is successful, the VLAN ID associated with the VLAN Group is sent back to the Foundry device using the RADIUS Tunnel-Private-Group-ID attribute.

3.  The port on the Foundry device is dynamically assigned to the VLAN matching the VLAN ID and the user becomes a member of the Port-Based VLAN.

 

 



Conditions that may trigger an unsuccessful authentication and/or Dynamic VLAN assignment include:

•  If the Tunnel-Type or the Tunnel-Medium-Type attributes in the RADIUS Access-Accept message do not have the values specified above, the Foundry device will ignore the three Attribute-Value pairs.  If the authentication credentials supplied were valid, the Foundry device authorizes the port, but the port is not dynamically placed in a VLAN.  Otherwise, the client is not authorized.

•  If the Tunnel-Type or the Tunnel-Medium-Type attributes in the RADIUS Access-Accept message have the values specified above, but there is no value specified for the Tunnel-Private-Group-ID attribute, the client will not be authorized.

•  When the Foundry device receives the value specified for the Tunnel-Private-Group-ID attribute, it checks its VLANs for a match using both the name and the numeric ID.  If there is a match, the port is placed in the VLAN whose ID corresponds to the VLAN Name or ID.  If there is no match, the client is not authorized.
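The decision rules in the list above, as an added Python example that is not from the white paper or from Foundry code: it parses the attribute portion of an Access-Accept and returns the port outcome, including the branch where the port is authorized without a dynamic VLAN. The tag-byte layout follows RFC 2868; treating a missing Tunnel-Type or Tunnel-Medium-Type like a wrong value, the VLANS table and the sample bytes are assumptions.

```python
# Added example: attribute types and required values are from the table above;
# the tag-byte layout follows RFC 2868. VLANS and the sample bytes are constructed.
T_TYPE, T_MEDIUM, T_GROUP = 64, 65, 81
VLAN, IEEE_802 = 13, 6

def avp(atype, value):
    """Encode one attribute: type, length (header included), value."""
    return bytes([atype, len(value) + 2]) + value

def parse_attributes(data):
    """Walk the type/length/value attributes of an Access-Accept."""
    attrs, i = {}, 0
    while i < len(data):
        if i + 2 > len(data) or data[i + 1] < 2 or i + data[i + 1] > len(data):
            raise ValueError("malformed attribute at offset %d" % i)
        attrs[data[i]] = data[i + 2:i + data[i + 1]]
        i += data[i + 1]
    return attrs

def tagged_int(value):
    """Integer tunnel attribute: 1-byte tag, then a 3-byte big-endian value."""
    if value is None or len(value) != 4:
        return None
    return int.from_bytes(value[1:], "big")

def tagged_str(value):
    """String tunnel attribute: a leading byte <= 0x1F is a tag, not text."""
    if value and value[0] <= 0x1F:
        value = value[1:]
    return (value or b"").decode("ascii", "replace")

def port_decision(attr_bytes, vlans):
    """Return (authorized, vlan_id) for an Access-Accept; vlans maps ID -> name."""
    a = parse_attributes(attr_bytes)
    # Assumption: an absent Tunnel-Type/Tunnel-Medium-Type counts as a wrong value.
    if tagged_int(a.get(T_TYPE)) != VLAN or tagged_int(a.get(T_MEDIUM)) != IEEE_802:
        return (True, None)    # AVPs ignored: port authorized, no dynamic VLAN
    group = tagged_str(a.get(T_GROUP))
    if not group:
        return (False, None)   # tunnel attributes valid but no VLAN given
    for vid, name in vlans.items():
        if group in (name, str(vid)):
            return (True, vid)  # matched by name or by numeric ID
    return (False, None)       # VLAN not configured on the device

VLANS = {10: "Finance", 20: "Guest"}  # constructed device VLAN table
TUNNEL = avp(T_TYPE, b"\x00\x00\x00\x0d") + avp(T_MEDIUM, b"\x00\x00\x00\x06")
BY_NAME = TUNNEL + avp(T_GROUP, b"Finance")
BY_ID_TAGGED = TUNNEL + avp(T_GROUP, b"\x01" + b"20")
WRONG_MEDIUM = avp(T_TYPE, b"\x00\x00\x00\x0d") + avp(T_MEDIUM, b"\x00\x00\x00\x01") + avp(T_GROUP, b"Finance")
```

`port_decision` models only the case where the RADIUS server has already returned an Access-Accept; with invalid credentials the client is not authorized regardless of these attributes.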

 

March 2003    ©2003 Foundry Networks, Inc.

Version 1.0.0    All Rights Reserved.

 

 



 


