Auth dynamic-vlan-creation, Auth dynamic, Using – Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual

Authentication Commands

Software Reference for x310 Series Switches

43.6

AlliedWare Plus

TM

Operating System - Version 5.4.4C

C613-50046-01 REV A

auth dynamic-vlan-creation

This command enables and disables the Dynamic VLAN assignment feature.

The Dynamic VLAN assignment feature allows a supplicant (client device) to be placed
into a specific VLAN based on information returned from the RADIUS server during
authentication, on a given interface.

Use the no variant of this command to disable the Dynamic VLAN assignment feature.

Syntax

auth dynamic-vlan-creation [rule {deny|permit}] [type {multi|single}]

no auth dynamic-vlan-creation

Default

By default, the Dynamic VLAN assignment feature is disabled.

Mode

Interface Configuration for a static channel, a dynamic (LACP) channel group, or a switch
port.

Usage

If the Dynamic VLAN assignment feature is enabled (disabled by default), VLAN
assignment is dynamic. If the Dynamic VLAN assignment feature is disabled then RADIUS
attributes are ignored and configured VLANs are assigned to ports. Dynamic VLANs may
be associated with authenticated MAC addresses if the type parameter is applied with the
rule parameter.

The rule parameter deals with the case where there are multiple supplicants attached to a
port, and the type parameter has been set to single-vlan. The parameter specifies how the
switch should act if different VLAN IDs end up being assigned to different supplicants. The
keyword value deny means that once a given VID has been assigned to the first
supplicant, then if any subsequent supplicant is assigned a different VID, that supplicant is
rejected. The keyword value permit means that once a given VID has been assigned to the
first supplicant, then if any subsequent supplicant is assigned a different VID, that
supplicant is accepted, but it is actually assigned the same VID as the first supplicant.

If you issue an auth dynamic-vlan-creation command without an optional rule parameter
and a required deny or permit keyword value then a second supplicant with a different
VLAN ID is rejected. It is not assigned to the first supplicant’s VLAN. Issuing an auth
dynamic-vlan-creation command without an optional rule parameter has the same effect
as issuing an auth dynamic-vlan-creation rule deny command rejecting supplicants with
differing VIDs.

Parameter

Description

rule

VLAN assignment rule.

deny

Deny a differently assigned VLAN ID. This is the default rule.

permit

Permit a differently assigned VLAN ID.

type

Specifies whether multiple different VLANs can be assigned to
supplicants (client devices) attached to the port, or whether only a
single VLAN can be assigned to supplicants on the port.

multi

Multiple Dynamic VLAN.

single

Single Dynamic VLAN.