The aaa authorization network default group radius command is typically used on the routers for RADIUS user authorization of all network-related service requests, such as PPP, SLIP, and ARAP. However, in the context of the Catalyst switch, it allows RADIUS server authorization of VLAN assignment or per-user ACLs. The RADIUS server tunnel and 802.1x attributes, which are defined in Internet Engineering Task Force (IETF) RFCs 2868 and 3580, provide fields that can be populated with user VLAN information. Three tunnel attributes are used for RADIUS VLAN assignment:

• Attribute 64 Tunnel-Type=VLAN (type 13)

• Attribute 65 Tunnel-Medium-Type=802 (type 6)

• Attribute 81 Tunnel-Private-Group-ID=VLANID

The first two attributes have an integer value, and the last one is a text string identifying the VLAN name . If a VLAN number is assigned to this attribute, the 802.1x authorization process will place the port to an authorized state after successful authentication, but the port will remain in the default VLAN.

0 0

Post a comment