Manualshelf

Specifications

ManualsBrandsAllied Telesis ManualsComputer equipmentRapier 8
11121314151617181920
8-14 Rapier Switch Software Reference
Software Release 2.7.3
C613-03098-00 REV A
Single-host mode In single host mode, VLAN assignment is as follows:
If authentication fails, the supplicant is denied access to the port. The port
is placed in its configured access VLAN, that is, the VLAN it was set up for
in the add vlan command.
If the RADIUS server supplies valid VLAN information, the port is placed
in the specified VLAN after configuration.
If the RADIUS server supplies invalid VLAN information, the port is
returned to the Unauthorised state, and placed in its configured access
VLAN.
If the RADIUS server supplies no VLAN information, the port is placed in
its configured access VLAN after successful authentication.
If port authentication is disabled on the port, the port is returned to its
configured access VLAN.
When the port is in the Force Authorized, Force Unauthorized or the
Unauthorized state, it is placed in its configured access VLAN.
While the port is in a RADIUS server assigned VLAN, changes to the port's
configured access VLAN do not take effect until the port leaves the assigned
VLAN. This can occur if:
the last authentication session on the port expires
the link goes down
port authentication is disabled on the port
port authentication is disabled on the system
Multi-supplicant mode VLAN assignment can be run in multi-supplicant mode, if the multi-supplicant
mode is enabled. In multi-supplicant mode, the behaviour is dictated by which
supplicant is authenticated first.
If the multi-supplicant mode is enabled on a port authentication port, the
behaviour of the first authenticated supplicant is the same as that of a
supplicant in single-supplicant mode. For all further supplicants, the
securevlan parameter specifies the action that is taken when authenticating
any supplicants after the first supplicant has authenticated. There are two
possible actions:
securevlan=on
Only those supplicants with a VLAN that is the same as that of the first
authenticated supplicant are authenticated. This is the default, and is the
more secure action.
securevlan=off
All further authenticated supplicants are placed in the same VLAN as the
first authenticated supplicant. This action is less secure.
802.1x Guest VLAN
802.1x ports can be configured with a limited access guest VLAN, which is
used when no 802.1x host is currently attached to the port. This limited access
VLAN is defined using the guestvlan parameter.
As soon as a single 802.1x packet is received on the port, it is removed from the
guest VLAN, and put into its configured access VLAN in the Unauthenticated