beautypg.com

Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual

Page 1924

background image

LLDP, LLDP-MED and Voice VLAN Introduction and Configuration

Software Reference for x310 Series Switches

70.20

AlliedWare Plus

TM

Operating System - Version 5.4.4C

C613-50046-01 REV A

11.

awplus(config-radsrv-group)#

egress-vlan-id

<vid> tagged

Set the Egress-VLAN ID attribute for the user
group, and set it to send tagged frames.
This will assign the tagged VLAN ID to
authenticated ports for phones connected to the
switch.
To create multiple user groups for phones with
different VLANs, repeat these two steps.

12.

awplus(config-radsrv-group)#

exit

Return to RADIUS Server Configuration mode.

Add users to the local RADIUS server.

13.

awplus(config-radsrv)#

user

name> password group group>

Add RADIUS user names and passwords to the
local RADIUS server for authenticating PCs and
phones. Assign the corresponding RADIUS server
user groups configured in

Step 6

and

Step 9

.

See the

user (RADIUS server) command on page

51.35

.

14.

awplus(config-radsrv)#

exit

Return to Global Configuration mode.

Create VLANs.

15.

awplus(config)#

vlan database

Enter VLAN Database Configuration mode.

16.

awplus(config-vlan)#

vlan

<vid-range>

Create the VLANs corresponding to the VLAN IDs
that will be allocated to the authenticated ports,
as configured in

Step 7

,

Step 10

, and

Step 11

.

17.

awplus(config-vlan)#

exit

Return to Global Configuration mode.

Configure 802.1X port authentication.

18.

awplus(config)#

aaa authentication dot1x

default group radius

Enable 802.1X port authentication and set it to
use the default group of RADIUS servers that
contains all RADIUS server hosts configured using
the

radius-server host

command.

In this procedure, the default group consists of
the local RADIUS server.

19.

awplus(config)#

interface <port-list>

Enter interface configuration mode for the ports
that have users (PCs and phones) connected to
them.

20.

awplus(config-if)#

dot1x port-control

auto

Enable 802.1X for port authentication on these
ports.

21.

awplus(config-if)#

auth host-mode

multi-

supplicant

Configure the ports to use multi-supplicant mode
for authentication, so that the phone and PC can
be dynamically allocated to different VLANs.

22.

awplus(config-if)#

auth dynamic-vlan-creation

Configure the ports to accept dynamic VLAN
allocation.
In this procedure, the RADIUS server user groups
for both the PCs and the phones use the same
VLAN (

Step 7

and

Step 10

), so the default rule

(deny) allows them both the access they need to
the port VLAN. For other options, see the

auth

dynamic-vlan-creation command on page 43.6

.

Default: deny differently assigned VLAN IDs.

23.

awplus(config-if)#

exit

Return to Global Configuration mode.

24.

awplus(config)#

exit

Return to Privileged Exec mode.

Table 70-6: Configuration procedure for Voice VLAN with RADIUS authentication and dynamic VLAN

(cont.)

See also other documents in the category Allied Telesis Computer hardware: