5 tunnel protocol attribute – ZyXEL Communications XGS-4728F User Manual

Chapter 25 AAA

XGS-4728F User’s Guide

Table 71 Supported VSAs

FUNCTION                       ATTRIBUTE
-----------------------------  --------------------------------------------------
Egress Bandwidth Assignment    Vendor-Id = 890
                               Vendor-Type = 2
                               Vendor-data = egress rate (Kbps in decimal format)

Privilege Assignment           Vendor-ID = 890
                               Vendor-Type = 3
                               Vendor-Data = "shell:priv-lvl=N"
                               or
                               Vendor-ID = 9 (CISCO)
                               Vendor-Type = 1 (CISCO-AVPAIR)
                               Vendor-Data = "shell:priv-lvl=N"
                               where N is a privilege level (from 0 to 14).
                               Note: If you set the privilege level of a login
                               account differently on the RADIUS server(s) and
                               the Switch, the user is assigned a privilege
                               level from the database (RADIUS or local) the
                               Switch uses first for user authentication.

25.2.5 Tunnel Protocol Attribute

You can configure tunnel protocol attributes on the RADIUS server (refer to your
RADIUS server documentation) to assign a port on the Switch to a VLAN based on
IEEE 802.1x authentication. The port VLAN settings are fixed and untagged. This
will also set the port’s VID. The following table describes the values you need to
configure. Note that these attributes only work when you enable authorization
(see Section 25.2.3 on page 221).

Table 72 Supported Tunnel Protocol Attribute

FUNCTION                       ATTRIBUTE
-----------------------------  --------------------------------------------------
VLAN Assignment                Tunnel-Type = VLAN(13)
                               Tunnel-Medium-Type = 802(6)
                               Tunnel-Private-Group-ID = VLAN ID
                               Note: You must also create a VLAN with the
                               specified VID on the Switch.
                               Note: The bolded values in this table are fixed
                               values as defined in RFC 3580.
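
The following is an added example, not part of the ZyXEL manual: a Python check that the attribute section of a RADIUS Access-Accept carries the three Table 72 values and names a VLAN that exists on the Switch. Assumptions: the attribute numbers (64, 65, 81) and the tag-byte encoding come from RFC 2868, the VLAN ID is sent as a decimal ASCII string, and `switch_vlans` is a hypothetical set of VIDs already created on the Switch.

```python
# Added example (not from the manual). Attribute numbers and encodings: RFC 2868.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
VLAN, IEEE_802 = 13, 6  # fixed values listed in Table 72 (RFC 3580)

def attr(atype, value):
    """Encode one RADIUS attribute: type, length (header included), value."""
    return bytes([atype, len(value) + 2]) + value

def parse_attributes(data):
    """Split a RADIUS attribute section into a {type: value} dict (last one wins)."""
    attrs, i = {}, 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        atype, alen = data[i], data[i + 1]
        if alen < 2 or i + alen > len(data):
            raise ValueError(f"bad length on attribute {atype}")
        attrs[atype] = data[i + 2:i + alen]
        i += alen
    return attrs

def tagged_int(value):
    """Tunnel-Type and Tunnel-Medium-Type carry a 1-byte tag plus a 3-byte integer."""
    if len(value) != 4:
        raise ValueError("expected tag + 3-byte value")
    return int.from_bytes(value[1:], "big")

def assigned_vlan(data, switch_vlans):
    """Return the VID an Access-Accept assigns, or raise ValueError saying why not."""
    attrs = parse_attributes(data)
    missing = {TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID} - set(attrs)
    if missing:
        raise ValueError(f"missing attribute(s): {sorted(missing)}")
    if tagged_int(attrs[TUNNEL_TYPE]) != VLAN:
        raise ValueError("Tunnel-Type is not VLAN(13)")
    if tagged_int(attrs[TUNNEL_MEDIUM_TYPE]) != IEEE_802:
        raise ValueError("Tunnel-Medium-Type is not 802(6)")
    group = attrs[TUNNEL_PRIVATE_GROUP_ID]
    if group and 0x01 <= group[0] <= 0x1F:   # optional tag byte (RFC 2868)
        group = group[1:]
    text = group.decode("ascii")             # UnicodeDecodeError is a ValueError
    if not text.isdigit() or not 1 <= int(text) <= 4094:
        raise ValueError(f"Tunnel-Private-Group-ID {text!r} is not a VLAN ID")
    if int(text) not in switch_vlans:
        raise ValueError(f"VLAN {text} has not been created on the Switch")
    return int(text)

# Constructed sample: attribute section of an Access-Accept assigning VLAN 120.
SAMPLE = (attr(TUNNEL_TYPE, b"\x00\x00\x00\x0d") + attr(TUNNEL_MEDIUM_TYPE, b"\x00\x00\x00\x06")
          + attr(TUNNEL_PRIVATE_GROUP_ID, b"120"))
```

Running `assigned_vlan(SAMPLE, {1, 120})` returns the VID; the same reply checked against a Switch that lacks VLAN 120 raises a `ValueError` naming the missing VLAN.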