3Com WX3000 Configuring the Attributes of a Local User

2-6

upon receiving an integer ID assigned by the RADIUS authentication server, the device adds the

port to the VLAN whose VLAN ID is equal to the assigned integer ID. If no such a VLAN exists, the

device first creates a VLAN with the assigned ID, and then adds the port to the newly created

VLAN.

z String: If the RADIUS authentication server assigns string type of VLAN IDs, you can set the VLAN

assignment mode to string on the device. Then, upon receiving a string ID assigned by the

RADIUS authentication server, the device compares the ID with existing VLAN names on the

device. If it finds a match, it adds the port to the corresponding VLAN. Otherwise, the VLAN

assignment fails and the user fails the authentication.

In actual applications, to use this feature together with Guest VLAN, you should better set port control to

port-based mode. For more information, refer to the section discussing basic 802.1x configuration in

802.1x Operation.

Follow these steps to configure dynamic VLAN assignment

To do… Use the command… Remarks

Enter system view system-view —

Create an ISP domain and

enter its view domain isp-name —

Set the VLAN assignment

mode vlan-assignment-mode

{ integer | string }

Optional

By default, the VLAN

assignment mode is integer.

Create a VLAN and enter its

view vlan vlan-id —

Set a VLAN name for VLAN

assignment name string This operation is required if the

VLAN assignment mode is set

to string.

z In string mode, if the VLAN ID assigned by the RADIUS server is a character string containing only

digits (for example, 1024), the device first regards it as an integer VLAN ID: the device transforms

the string to an integer value and judges if the value is in the valid VLAN ID range; if it is, the device

adds the authenticated port to the VLAN with the integer value as the VLAN ID (VLAN 1024, for

example).

z To implement dynamic VLAN assignment on a port where both MSTP and 802.1x are enabled, you

must set the MSTP port to an edge port.

Configuring the Attributes of a Local User

When local scheme is chosen as the AAA scheme, you should create local users on the device and

configure the relevant attributes.

The local users are users set on the device, with each user uniquely identified by a user name. To make

a user who is requesting network service pass local authentication, you should add an entry in the local

user database on the device for the user.