Set vlanauthorization, Set vlanauthorization -47 – Enterasys Networks D-Series User Manual
Page 509
set vlanauthorization
Enterasys D-Series CLI Reference
17-47
When a user successfully authenticates to the network, the RADIUS server returns an Access‐
Accept frame. This frame can have many attributes, two of which are a Filter ID (which is how
policy assignment is achieved) and RFC 3580 VLAN assignment.
If a switch is in tunnel mode:
•
The FID (Filter ID) is always ignored, but Default policy rules still apply.
•
The VLAN attribute is used if present, and if VLAN authorization is enabled. See “
If a switch is in policy mode:
•
If the Access‐Accept frame has the FID attribute only, then the FID is used.
•
If the Access‐Accept frame has the VLAN attribute only, then it is used provided that VLAN
authorization is enabled. See “
•
If both attributes are returned, use the FID only.
Examples
This example shows how to set the policy maptable response to tunnel:
D2(rw)-> set policy maptable response tunnel
set vlanauthorization
Enable or disable the use of the RADIUS VLAN tunnel attribute to put a port into a particular
VLAN based on the result of authentication.
Syntax
set vlanauthorization {enable | disable} [port-string]
Parameters
Defaults
VLAN authentication is disabled by default.
Mode
Switch command, read‐write.
Examples
This example shows how to enable VLAN authentication for all Gigabit Ethernet ports:
D2(rw)-> set vlanauthorization enable ge.*.*
This example shows how to disable VLAN authentication for all Gigabit Ethernet ports on switch
unit/module 3:
D2(rw)-> set vlanauthorization disable ge.3.*
enable | disable
Enables or disables vlan authorization/tunnel attributes.
port‐string
(Optional) Specifies which ports to enable or disable the use of VLAN
tunnel attributes/authorization. For a detailed description of possible port‐
string values, refer to “