Configuring vlan authorization (rfc 3580), Purpose, Commands – Enterasys Networks D-Series User Manual

Page 507: Configuring VLAN Authorization (RFC 3580), Purpose, Commands, show policy maptable response

Configuring VLAN Authorization (RFC 3580)

Enterasys D-Series CLI Reference


Purpose

RFC 3580 Tunnel Attributes provide a mechanism to contain an 802.1X authenticated or a MAC 
authenticated user to a VLAN regardless of the PVID. 

Please see section 3.31 of RFC 3580 for details on configuring a RADIUS server to return the
desired tunnel attributes. As stated in RFC 3580, “... it may be desirable to allow a port to be placed
into a particular Virtual LAN (VLAN), defined in [IEEE8021Q], based on the result of the
authentication.”

The RADIUS server typically indicates the desired VLAN by including tunnel attributes within its
Access-Accept parameters. However, the IEEE 802.1X or MAC authenticator can also be
configured to indicate the VLAN to be assigned to the supplicant by including tunnel attributes
within its Access-Request parameters.

The following tunnel attributes are used in VLAN authorization assignment:

Tunnel-Type - VLAN (13)

Tunnel-Medium-Type - 802

Tunnel-Private-Group-ID - VLANID
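The following added example (not taken from the Enterasys manual) shows how the three tunnel attributes listed above appear on the wire in an Access-Accept, and validates them before a VLAN ID is trusted. The attribute numbers 64, 65 and 81 and the Tunnel-Medium-Type value 6 for 802 come from RFC 2868, not from this page; the function names are hypothetical, and rejecting attributes that do not share one tag is an assumption of this example.

```python
import struct

# Attribute numbers and values per RFC 2868 / RFC 3580 (not from the manual page)
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TYPE_VLAN, MEDIUM_802, ACCESS_ACCEPT = 13, 6, 2

def attributes(packet):
    """Yield (type, value) for each attribute, rejecting malformed lengths."""
    length = int.from_bytes(packet[2:4], "big")
    if len(packet) < 20 or not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS header or length field")
    pos = 20  # code(1) + id(1) + length(2) + authenticator(16)
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        yield packet[pos], packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]

def authorized_vlan(packet):
    """Return the VLAN ID from an Access-Accept, None if it has no tunnel attributes."""
    if not packet or packet[0] != ACCESS_ACCEPT:
        raise ValueError("not an Access-Accept")
    tunnels = {}  # tag -> {attribute type: value}
    for atype, value in attributes(packet):
        if atype in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE):
            if len(value) != 4:
                raise ValueError("tunnel attribute must be tag + 3 octets")
            tunnels.setdefault(value[0], {})[atype] = int.from_bytes(value[1:], "big")
        elif atype == TUNNEL_PRIVATE_GROUP_ID:
            # The first octet is a tag only when it is <= 0x1F (RFC 2868).
            tagged = value[:1] and value[0] <= 0x1F
            tag, text = (value[0], value[1:]) if tagged else (0, value)
            tunnels.setdefault(tag, {})[atype] = text.decode("ascii", "replace")
    if not tunnels:
        return None
    if len(tunnels) != 1:  # assumption of this example: fail closed on mixed tags
        raise ValueError("tunnel attributes do not share one tag")
    t = next(iter(tunnels.values()))
    vlan = t.get(TUNNEL_PRIVATE_GROUP_ID, "")
    if t.get(TUNNEL_TYPE) != TYPE_VLAN or t.get(TUNNEL_MEDIUM_TYPE) != MEDIUM_802:
        raise ValueError("Tunnel-Type/Tunnel-Medium-Type are not VLAN/802")
    if not (vlan.isdigit() and 1 <= int(vlan) <= 4094):
        raise ValueError("Tunnel-Private-Group-ID is not a VLAN ID in 1..4094")
    return int(vlan)

def sample_accept(attrs):
    """Constructed test packet: Access-Accept with a zeroed authenticator."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(body)) + bytes(16) + body
```
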

In order to authenticate multiple RFC 3580 users, policy maptable response must be set to tunnel 
as described in this section.

Commands

show policy maptable response

Displays the current policy maptable response setting. When VLAN authorization is enabled (as 
described in this section) and the policy maptable response is tunnel, you can use the set 

Notes: The D2 cannot simultaneously support Policy and RFC 3580 on the same port. If multiple
users are configured to use a port, and the D2 is then switched from "policy" mode to RFC-3580
"tunnel" mode, the total number of users supported to use a port will be reset to one.

A policy license, if applicable, is not required to run RFC3580.

For information about...          Refer to page...

show policy maptable response     17-45
set policy maptable response      17-46
set vlanauthorization             17-47
set vlanauthorization egress      17-48
clear vlanauthorization           17-48
show vlanauthorization            17-49