Specifications
set vlanauthorization
SecureStack B2 Configuration Guide 19-47
Whenausersuccessfullyauthenticatestothenetwork,theRADIUSserverreturnsanAccess‐
Acceptframe.Thisframecanhavemanyattributes,twoofwhichareaFilterID(whichishow
policyassignmentisachieved)andRFC3580VLANassignment.
Ifaswitchisintunnelmode:
•TheFID(FilterID)
isalwaysignored,butDefaultpolicyrulesstillapply.
•TheVLANattributeisusedifpresent,andifVLANauthorization isenabled.See“set
vlanauthorization”onpage 19‐47.
Ifaswitchisinpolicymode:
•IftheAccess‐AcceptframehastheFIDattributeonly,thentheFIDisused.
•If
theAccess‐AcceptframehastheVLANattributeonly,thenitisusedprovidedthatVLAN
authorizationisenabled.See“setvlanauthorization”onpage 19‐47.
•Ifbothattributesarereturned,usetheFIDonly.
Examples
Thisexampleshowshowtosetthepolicymaptableresponsetotunnel:
B2(rw)-> set policy maptable response tunnel
set vlanauthorization
EnableordisabletheuseoftheRADIUSVLANtunnelattributetoputaportintoaparticular
VLANbasedontheresultofauthentication.
Syntax
set vlanauthorization {enable | disable} [port-string]
Parameters
Defaults
VLANauthenticationisdisabledbydefault.
Mode
Switchcommand,read‐write.
Examples
ThisexampleshowshowtoenableVLANauthenticationforallGigabitEthernetports:
B2(rw)-> set vlanauthorization enable ge.*.*
ThisexampleshowshowtodisableVLANauthenticationforallGigabitEthernetportsonswitch
unit/module 3:
B2(rw)-> set vlanauthorization disable ge.3.*
enable|disable Enablesordisablesvlanauthorization/tunnelattributes.
port‐string (Optional)SpecifieswhichportstoenableordisabletheuseofVLAN
tunnelattributes/authorization.Foradetaileddescriptionofpossibleport‐
stringvalues,referto“PortStringSyntaxUsedintheCLI”onpage 7‐2.