beautypg.com

Configure authentication for voice vlan – Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual

Page 1923

background image

LLDP, LLDP-MED and Voice VLAN Introduction and Configuration

Software Reference for x310 Series Switches

C613-50046-01 REV A

AlliedWare Plus

TM

Operating System - Version 5.4.4C

70.19

Configure Authentication for Voice VLAN

Use the following procedure with LLDP-MED and Voice VLAN to configure 802.1X port
authentication and dynamic VLAN assignment using the local RADIUS server on the
switch to which the voice endpoint devices are connected.

This procedure assumes that you have already:

configured Voice VLAN and LLDP-MED using the procedure in

Table 70-5 on

page 70.14

set

switchport voice vlan

to dynamic in the above procedure

This procedure configures the local RADIUS server. If your configuration uses one or more
remote RADIUS servers instead, set the IP addresses of the remote RADIUS servers using
the

radius-server host

command (

Step 2 on page 19

), and skip all the steps that

configure the local RADIUS server (

Step 3 on page 19

to

Step 14 on page 20

).

Table 70-6: Configuration procedure for Voice VLAN with RADIUS authentication and dynamic VLAN

Configure the IP address of the RADIUS host.

1.

awplus#

configure terminal

Enter Global Configuration mode.

2.

awplus(config)#

radius-server host

127.0.0.1 key

<key-string>

Configure the IP address for the RADIUS server to
be the local loopback interface address, so that
RADIUS requests are sent to the local RADIUS
server. Set the key that Network Access Servers
(NAS) will need to use to get access to this RADIUS
server.

Enable the local RADIUS server.

3.

awplus(config)#

radius-server local

Enter RADIUS Server Configuration mode.

4.

awplus(config-radsrv)#

server enable

Enable the local RADIUS server.

5.

awplus(config-radsrv)#

nas

127.0.0.1 key

<key-string>

Set the switch as a client device (Network Access
Server), to allow it to send authentication requests
to the local RADIUS server.
Use the same local loopback interface IP address
and key as in the

radius-server host

command

used in

Step 2 on page 19

.

Configure a local RADIUS user group for connected PCs.

6.

awplus(config-radsrv)#

group

name>

Create a local RADIUS server user group for PCs
connected to the switch, and enter RADIUS Server
Group Configuration mode.

7.

awplus(config-radsrv-group)#

vlan {|

}

Set the VLAN ID for the user group.
This will assign the untagged VLAN ID to
authenticated ports for PCs connected to the
switch.
To create multiple user groups for PCs with
different VLANs, repeat these two steps.

8.

awplus(config-radsrv-group)#

exit

Return to RADIUS Server Configuration mode.

Configure a local RADIUS user group for connected phones.

9.

awplus(config-radsrv)#

group

name>

Create a new local RADIUS server user group for
phones connected to the switch, and enter
RADIUS Server Group Configuration mode.

10.

awplus(config-radsrv-group)#

vlan {|

}

Configure the local RADIUS user group for
connected phones to use the same VLAN as the
PCs in

Step 7

, so that the phones have access to

the same untagged VLAN as the PCs.

See also other documents in the category Allied Telesis Computer hardware: