Specifications

Configuring Authentication
April 15, 2011 Page 25 of 36
Configuring VLAN Authorization
VLAN authorization allows for the dynamic assignment of users to the same VLAN. You configure VLAN authorization attributes within RADIUS. On the switch you enable VLAN authorization both globally and per port. VLAN authorization is disabled globally by default. VLAN authorization is enabled per port by default. You can also set the VLAN egress format per port. VLAN egress format defaults to untagged. VLAN egress format can be set as follows:
- none: No egress manipulation will be made.
- tagged: The authenticating port will be added to the current tagged egress for the VLAN ID returned.
- untagged: The authenticating port will be added to the current untagged egress for the VLAN ID returned.
- dynamic: Egress formatting will be based upon information contained in the authentication response.
The VLAN authorization table will always list any tunnel attribute's VIDs that have been received for authenticated end systems, but a VID will not actually be assigned unless VLAN authorization is enabled both globally and on the authenticating port. Dynamic VLAN authorization overrides the port PVID. Dynamic VLAN authorization is not reflected in the show port vlan display. The VLAN egress list may be statically configured, enabled based upon the set vlanauthorization egress command, or have dynamic egress enabled to allow full VLAN membership and connectivity.
Procedure 12 describes setting VLAN authorization configuration.
Setting Dynamic Policy Profile Assignment and Invalid Policy Action
Dynamic policy profile assignment is implemented using the policy mapping table. When VLAN authorization is enabled, authenticated users are dynamically assigned to the received tunnel attribute's VID, unless preempted by a policy map table configuration entry. Dynamic policy profile assignment is supported by mapping a VID to a policy role upon receipt of a RADIUS tunnel attribute.
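The following Python sketch is an added example, not code from the original guide or from the switch firmware. It parses the tunnel attributes of a RADIUS Access-Accept and applies the rules described above: the VID is always listed, is assigned only when VLAN authorization is enabled both globally and on the port, and is preempted by a policy map entry. It assumes the RFC 3580 attribute set (Tunnel-Type=VLAN, Tunnel-Medium-Type=802, Tunnel-Private-Group-ID carrying the VID) and that the policy map is consulted regardless of the enable state; the function names and the SAMPLE bytes are constructed for illustration.

```python
# Added example: models the behaviour described above; not switch firmware code.
TUNNEL_TYPE, TUNNEL_MEDIUM, TUNNEL_PGID = 64, 65, 81  # RFC 2868 attribute types
VLAN, IEEE_802 = 13, 6                                # RFC 3580 values (assumed)

def attr(t, value):
    """Encode one RADIUS attribute: type, length (header included), value."""
    return bytes([t, len(value) + 2]) + value

def tagged_int(value):
    """Decode a 1-byte tag followed by a 3-byte big-endian integer."""
    return int.from_bytes(value[1:], "big") if len(value) == 4 else None

def tunnel_vid(attrs):
    """Return the VID carried by the tunnel attributes, or None if unusable."""
    seen, i = {}, 0
    while i + 2 <= len(attrs):
        t, length = attrs[i], attrs[i + 1]
        if length < 2 or i + length > len(attrs):
            return None                 # malformed attribute: trust nothing
        seen[t] = attrs[i + 2:i + length]
        i += length
    if i != len(attrs):
        return None                     # trailing bytes after the last attribute
    kinds = (tagged_int(seen.get(TUNNEL_TYPE, b"")),
             tagged_int(seen.get(TUNNEL_MEDIUM, b"")))
    if kinds != (VLAN, IEEE_802):
        return None                     # not a VLAN-over-802 tunnel
    pgid = seen.get(TUNNEL_PGID, b"")
    if pgid and pgid[0] <= 0x1F:        # a leading byte <= 0x1F is a tag
        pgid = pgid[1:]
    text = pgid.decode("ascii", "replace")
    if not text.isdigit() or not 1 <= int(text) <= 4094:
        return None                     # not a usable 802.1Q VLAN ID
    return int(text)

def resolve(attrs, global_on, port_on, policy_map=None):
    """Return (listed_vid, assigned_vid, policy_role) for one end system."""
    vid = tunnel_vid(attrs)
    if vid is None:
        return None, None, None
    role = (policy_map or {}).get(vid)
    if role is not None:
        return vid, None, role          # policy map entry preempts the VID
    if global_on and port_on:
        return vid, vid, None           # assigned only when enabled at both levels
    return vid, None, None              # listed in the table, not assigned

# Constructed sample: tunnel attributes of an Access-Accept for VLAN 20.
SAMPLE = (attr(TUNNEL_TYPE, b"\x00" + VLAN.to_bytes(3, "big"))
          + attr(TUNNEL_MEDIUM, b"\x00" + IEEE_802.to_bytes(3, "big"))
          + attr(TUNNEL_PGID, b"\x00" + b"20"))
```

With the switch defaults (disabled globally, enabled per port), resolve(SAMPLE, False, True) lists VID 20 but assigns nothing, which is the state to expect when a RADIUS-returned VLAN appears in the authorization table but the user stays in the port's VLAN.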
Table 3 MultiAuth Authentication Traps Configuration (continued)

Task                                                        Command(s)
Display MultiAuth authentication idle timeout values.       show multiauth idle-timeout
Display MultiAuth authentication session timeout values.    show multiauth session-timeout
Display MultiAuth authentication trap settings.             show multiauth trap
Procedure 12 VLAN Authorization Configuration

Step  Task                                                                                           Command(s)
1.    Enable or disable VLAN authorization both globally and per port.                               set vlanauthorization {enable | disable}
2.    Reset VLAN authorization configuration to default values for the specified port-list or for all.   clear vlanauthorization {port-list | all}
3.    Display VLAN authorization configuration settings for the specified port-list or for all.      show vlanauthorization {port-list | all}