Specifications
Switching 8-13
Software Release 2.7.3
C613-03098-00 REV A
■ Connect 802.1q-compatible switches together through one port on each
switch
Devices that are members of the same VLAN exchange data with each other
through the switch’s switching capabilities. To exchange data between devices
in separate VLANs, the switch’s routing capabilities are used. The switch
passes VLAN status information, indicating whether a VLAN is up or down, to
the Internet Protocol (IP) module. IP uses this information to determine route
availability.
The switch supports a maximum of 63 VLANs, or 255 on a Rapier i Series switch,
with VLAN identifiers (VIDs) ranging from 1 to 4094.
When the switch is first powered up, a “default” VLAN is created and all ports
are added to it. In this initial unconfigured state, the switch broadcasts all the
packets it receives to the default VLAN. This VLAN has a VID of 1 and an
interface name of vlan1. It cannot be deleted, and ports can be removed from it
only when they also belong to at least one other VLAN. When all devices on
the physical LAN belong to the same logical LAN (same broadcast domain),
the default settings are acceptable and no additional VLAN configuration is
necessary.
Dynamic VLAN Assignment
Dynamic VLAN assignment allows a supplicant to be placed into a specific
VLAN based on information returned from the RADIUS server during
authentication. This limits the network access of a supplicant to a specific
VLAN that is tied to their authentication, and prevents supplicants from
connecting to VLANs for which they are not authorised. A port's VLAN
assignment is determined by the first supplicant to be authenticated on the
port.
VLAN assignment is enabled or disabled using the vlanassignment parameter
of port authentication commands.
The Configured and Actual fields of the show vlan command show which
ports are configured for the VLAN and which have been dynamically assigned
to the VLAN.
RADIUS attributes
The RADIUS server provides information to the authenticator using RADIUS
tunnel attributes, as defined in RFC 2868, RADIUS Attributes for Tunnel Protocol
Support. The tunnel attributes that must be configured for VLAN assignment
are:
■ Tunnel-Type
The protocol to be used for the tunnel specified by
Tunnel-Private-Group-Id. VLAN (13) is the only supported value.
■ Tunnel-Medium-Type
The transport medium to be used for the tunnel specified by
Tunnel-Private-Group-Id. 802 (6) is the only supported value.
■ Tunnel-Private-Group-ID
The ID of the tunnel the authenticated user should use. This must be the
name or ID number of a VLAN on the switch.
These tunnel attributes are included in the Access-Accept message from the
RADIUS server to the Authenticator.
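The following added example (not from this manual or the switch firmware) parses the attribute section of an Access-Accept and returns a VLAN only when all three tunnel attributes are present with the supported values, which is a quick way to check a RADIUS server's reply before relying on it for VLAN assignment. The function names and the sample packet are assumptions made for illustration, the optional tag octet is handled as RFC 2868 describes, and the Response Authenticator is not verified here.

```python
ACCESS_ACCEPT = 2
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
REQUIRED = {TUNNEL_TYPE: 13, TUNNEL_MEDIUM_TYPE: 6}  # VLAN (13), 802 (6)


def attr(atype, value):
    """Encode one RADIUS attribute: type, length (header included), value."""
    return bytes([atype, len(value) + 2]) + value


def tagged_int(atype, number, tag=0):
    """RFC 2868 integer attribute: one tag octet, then a 3-octet value."""
    return attr(atype, bytes([tag]) + number.to_bytes(3, "big"))


def build_accept(attrs):
    """Constructed Access-Accept with a zeroed authenticator (sample input only)."""
    body = b"".join(attrs)
    return bytes([ACCESS_ACCEPT, 1]) + (20 + len(body)).to_bytes(2, "big") + bytes(16) + body


def vlan_from_access_accept(packet):
    """Return the assigned VLAN name or ID; raise ValueError if none is usable."""
    length = int.from_bytes(packet[2:4], "big")
    if len(packet) < 20 or packet[0] != ACCESS_ACCEPT or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Accept")
    found, pos = {}, 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        atype, value = packet[pos], packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
        if atype in REQUIRED:
            if len(value) != 4:
                raise ValueError("tunnel attribute %d must carry 4 octets" % atype)
            found[atype] = int.from_bytes(value[1:], "big")  # skip the tag octet
        elif atype == TUNNEL_PRIVATE_GROUP_ID:
            if value and value[0] <= 0x1F:  # an octet up to 0x1F is a tag, not text
                value = value[1:]
            found[atype] = value.decode("ascii")
    if any(found.get(a) != want for a, want in REQUIRED.items()):
        raise ValueError("need Tunnel-Type VLAN (13) and Tunnel-Medium-Type 802 (6)")
    if not found.get(TUNNEL_PRIVATE_GROUP_ID):
        raise ValueError("Tunnel-Private-Group-ID missing or empty")
    return found[TUNNEL_PRIVATE_GROUP_ID]


# Constructed sample: the three attributes this section lists, VLAN name "engineering".
SAMPLE = build_accept([tagged_int(TUNNEL_TYPE, 13), tagged_int(TUNNEL_MEDIUM_TYPE, 6),
                       attr(TUNNEL_PRIVATE_GROUP_ID, b"engineering")])
```

A reply that fails this check carries no usable VLAN assignment, so the port's resulting VLAN membership should be confirmed in the Configured and Actual fields of show vlan.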