Owner's Manual

484 | Chapter 17. Security
NETGEAR 8800 User Manual
The following sections provide additional information on using the NETGEAR VSAs listed in
Table 51:
VSA 201: NETGEAR-CLI-Authorization on page 484
VSA 203: NETGEAR-Netlogin-VLAN-Name on page 484
VSA 204: NETGEAR-Netlogin-URL on page 485
VSA 205: NETGEAR-Netlogin-URL-Desc on page 485
VSA 206: NETGEAR-Netlogin-Only on page 486
VSA 209: NETGEAR-Netlogin-VLAN-ID on page 486
VSA 211: NETGEAR-Netlogin-Extended-Vlan on page 487
The examples in the following sections are formatted for use in the FreeRADIUS users file. If
you use another RADIUS server, the format might be different.
Note: For information on how to use and configure your RADIUS server,
see the documentation that came with your RADIUS server.
Note: For untagged VLAN movement with 802.1x netlogin, you can use all
current NETGEAR VLAN VSAs: VSA 203, VSA 209, and VSA 211.
VSA 201: NETGEAR-CLI-Authorization
This attribute specifies whether command authorization is to be enabled or disabled for the
user on the XCM8800 switch. If command authorization is disabled, the user has full access
to all CLI commands. If command authorization is enabled, each command the user enters is
accepted or rejected based on the contents of the profiles file on the RADIUS server. For
more information on RADIUS server configuration for command authorization, see
Configuring Command Authorization (RADIUS Profiles) on page 489.
When added to the RADIUS users file, the following example enables command
authorization for the associated user:
Netgear: Netgear-CLI-Authorization = enabled
When added to the RADIUS users file, the following example disables command
authorization for the associated user:
Netgear: Netgear-CLI-Authorization = disabled
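The following audit script is an added example, not part of the NETGEAR manual. It reads text in FreeRADIUS users-file layout and lists the entries whose Netgear-CLI-Authorization value is disabled, that is, the users who get full access to all CLI commands. The user names, passwords, and function names are constructed for illustration. Entries without the attribute are reported as "unset", because this section does not state how the switch treats a missing VSA.

```python
import re

# Constructed sample in FreeRADIUS users-file layout; the user names and
# passwords are invented for this example.
SAMPLE_USERS = """\
# constructed sample entries
admin   Cleartext-Password := "example-only"
        Service-Type = Administrative-User,
        Netgear: Netgear-CLI-Authorization = disabled

operator Cleartext-Password := "example-only"
        Service-Type = Administrative-User,
        Netgear: Netgear-CLI-Authorization = enabled

guest   Cleartext-Password := "example-only"
        Service-Type = Login-User
"""

# Matches the attribute as written in the manual, with or without the
# "Netgear:" vendor prefix, and captures its value.
ATTR = re.compile(r"(?:Netgear:\s*)?Netgear-CLI-Authorization\s*:?=\s*(\w+)", re.I)

def cli_authorization_by_user(text):
    """Map each users-file entry to 'enabled', 'disabled', or 'unset'."""
    result, user = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                      # skip blank lines and comments
        if not line[0].isspace():         # text in column 0 starts a new entry
            user = line.split()[0]
            result[user] = "unset"
        m = ATTR.search(line)
        if m and user is not None:
            result[user] = m.group(1).lower()
    return result

def users_with_full_cli(text):
    """Users whose command authorization is disabled (unrestricted CLI)."""
    return sorted(u for u, v in cli_authorization_by_user(text).items() if v == "disabled")

if __name__ == "__main__":
    for name, state in cli_authorization_by_user(SAMPLE_USERS).items():
        print(f"{name}: command authorization {state}")
```

Run it against a copy of the real users file and compare the output with the list of accounts that are meant to have unrestricted CLI access.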
VSA 203: NETGEAR-Netlogin-VLAN-Name
This attribute specifies a destination VLAN name that the RADIUS server sends to the switch
after successful authentication. The VLAN must already exist on the switch. When the switch
receives the VSA, it adds the authenticated user to the VLAN.