Single operating mode, Multiple operating mode, Supplicant vlan attributes on the radius server – Allied Telesis AT-S63 User Manual
Page 371

AT-S63 Management Software Features Guide
Section VIII: Port Security
371
Single Operating
Mode
Here are the operating characteristics for the switch when an authenticator 
port is set to the Single operating mode:
If the switch receives a valid VLAN ID or VLAN name from the RADIUS 
server, it moves the authenticator port to the designated VLAN and 
changes the port to the authorized state. If the piggy-back mode is 
disabled, only the authenticated supplicant is allowed to use the port. 
All other supplicants are denied entry. If the piggy-back mode is 
enabled, all clients are allowed access to the port and the same VLAN 
after the initial authentication.
If the switch receives an invalid VLAN ID or VLAN name from the 
RADIUS server (e.g., the VID of a nonexistent VLAN), it leaves the port 
in the unauthorized state to deny access to the port.
Multiple
Operating Mode
The initial authentication on an authenticator port running in the Multiple 
operating mode is handled in the same fashion as with the Single 
operating mode. If the switch receives a valid VLAN ID or name from the 
RADIUS server, it moves the authenticator port to the designated VLAN 
and changes the port to the authorized state.
How the switch handles subsequent authentications on the same port 
depends on how you set the Secure VLAN parameter. Your options are as 
follows:
If you activate the Secure VLAN feature, only those supplicants with 
the same VLAN assignment as the initial supplicant are authenticated. 
Supplicants with a different VLAN assignment or with no VLAN 
assignment are denied access to the port.
If you disable the Secure VLAN feature, all supplicants, regardless of 
their assigned VLANs, are authenticated. However, the port remains in 
the VLAN specified in the initial authentication.
Supplicant VLAN
Attributes on the
RADIUS Server
The following information must be entered as part of a supplicant’s 
account on the RADIUS server when associating a supplicant to a VLAN.
Tunnel-Type
The protocol to be used by the tunnel specified by Tunnel-Private-
Group-Id. The only supported value is VLAN (13).
Tunnel-Medium-Type
The transport medium to be used for the tunnel specified by Tunnel-
Private-Group-Id. The only supported value is 802 (6).
Tunnel-Private-Group-ID
The ID of the tunnel the authenticated user should use. This must be 
the name of VID of the VLAN of the switch.
