Enterasys Networks D2G124-12, D2G124-12P Configuring VLAN Authorization (RFC 3580)

Configuring VLAN Authorization (RFC 3580)

D-Series CLI Reference 15-41

Parameters

Defaults

Ifnoauthenticationmethodisspecified,thesessiontimeoutvalueisresettoitsdefaultvalueof0

forallauthenticationmethods.

Mode

Switchmode,read‐write.

Example

ThisexampleresetsthesessiontimeoutvaluefortheIEEE802.1Xauthenticationmethodto0

seconds.

D2(su)->clear multiauth session-timeout dot1x

Configuring VLAN Authorization (RFC 3580)

Purpose

RFC3580TunnelAttributesprovideamechanismtocontainan802.1XauthenticatedoraMAC

authenticatedusertoaVLANregardlessofthePVID.

Pleaseseesection3‐31ofRFC3580fordetailsonconfiguringaRADIUSservertoreturnthe

desiredtunnelattributes.AsstatedinRFC3580,“...itmaybedesirabletoallowaporttobeplaced

intoaparticularVirtualLAN(VLAN),definedin[IEEE8021Q],basedontheresultofthe

authentication.”

TheRADIUSservertypicallyindicatesthedesiredVLANbyincludingtunnelattributeswithinits

Access‐Acceptparameters.However,theIEEE802.1XorMACauthenticatorcanalsobe

configuredtoinstructtheVLANtobeassignedtothesupplicantbyincludingtunnelattributes

withinAccess‐Requestparameters.

ThefollowingtunnelattributesareusedinVLANauthorizationassignment,:

•Tunnel‐Ty pe‐VLAN(13)

•Tunnel‐Medium‐Ty pe‐802

•Tunnel‐Private‐Group‐ID‐VLANID

InordertoauthenticatemultipleRFC3580users,��policymaptableresponsemustbesettotunnel

asdescribedinthissection.

dot1x(Optional)SpecifiestheIEEE802.1Xport‐basednetworkaccesscontrol

authenticationmethodforwhichtoresetthetimeoutvaluetoits

default.

mac (Optional)SpecifiestheEnterasysMACauthenticationmethodfor

whichtoresetthetimeoutvaluetoitsdefault.

pwa (Optional)SpecifiestheEnterasysPortWeb Authenticationmethodfor

whichtoresetthetimeoutvaluetoitsdefault.

Note: The D2 cannot simultaneously support Policy and RFC 3580 on the same port. If multiple

users are configured to use a port, and the G3 is then switched from "policy" mode to (RFC-3580

"tunnel" mode, the total number of users supported to use a port will be reset to one.