2 tunnel protocol attribute, 2 port authentication configuration – ZyXEL Communications ZyXEL Dimension ES-2108 User Manual

ES-2108 Series User’s Guide

118

Chapter 16 Port Authentication

The following table describes the VSAs supported on the switch.

16.1.1.2 Tunnel Protocol Attribute

You can configure tunnel protocol attributes on the RADIUS server to assign a port on the
switch to a VLAN (fixed, untagged). This will also set the port’s VID. Refer to RFC 3580 for
more information.

16.2 Port Authentication Configuration

To enable port authentication, first activate IEEE802.1x security (both on the switch and the
port(s)) then configure the RADIUS server settings.

Click Advanced Application, Port Authentication in the navigation panel to display the
screen as shown.

Table 33 Supported VSA

FUNCTION

ATTRIBUTE

Ingress Bandwidth

Assignment

Vendor-Id = 890

(ZyXEL)

Vendor-Type = 1
Vendor-data =

ingress rate (decimal)

Egress Bandwidth

Assignment

Vendor-Id = 890

(ZyXEL)

Vendor-Type = 2
Vendor-data =

egress rate (decimal)

Privilege Assignment

Vendor-ID = 890

(ZyXEL)

Vendor-Type = 3
Vendor-Data = "shell:priv-lvl=N"
or
Vendor-ID = 9

(CISCO)

Vendor-Type = 1

(CISCO-AVPAIR)

Vendor-Data = "shell:priv-lvl=N"
where

N

is a privilege level (from 0 to 14).

Note: If you set the privilege level of a login account differently

on the RADIUS server(s) and the switch, the user is
assigned a privilege level from the database (RADIUS or
local) the switch uses first for user authentication.

Table 34 Supported Tunnel Protocol Attribute

FUNCTION

ATTRIBUTE

VLAN Assignment

Tunnel-Type = VLAN(13)
Tunnel-Medium-Type = 802(6)
Tunnel-Private-Group-ID =

VLAN ID

Note: You must also create a VLAN with the specified VID on

the switch.