3Com 3C17300A Implementation Guide - Page 84

84 CHAPTER 10: MAKING YOUR NETWORK SECURE ■ Before you enable Network Login or Rada you must ensure that: ■ RADIUS has been configured on the Switch. ■ The RADIUS server in your network is operational. ■ If the RADIUS server fails or is unavailable, client devices will be unable to access the network or be restricted to the default access. ■ Network Login and Rada are not supported on ports configured to operate as members of an aggregated link. ■ Some client devices that are connected to the Switch port may not support network login, for example printers. You should configure the Switch port to operate in Automatic Learning mode, so that network traffic that does not match the MAC address for the client device is filtered, or use the basic Rada mode. ■ You should enable Network Login or Rada on all relevant Switch ports. Failure to enable authentication on a single port could compromise the security of the entire network. RADIUS Server settings for Auto VLAN When setting up Auto VLAN on a RADIUS server the following attributes must be set to supply VLAN data to the Switch: Table 8 Setting Auto VLAN attributes Attribute Tunnel-Type Tunnel-Medium-Type Tunnel-Private-Group-ID Value VLAN 802 The Tunnel-Private-Group-ID attribute specifies the VLAN to be assigned. This can take various forms to indicate if the port is untagged or tagged member, for example '2u 3t' means that the port is an untagged member of VLAN 2 and a tagged member of VLAN 3. The switch will assign the first VLAN number with no suffix, or with a 'U' or 'u' suffix, as an untagged VLAN for the port. Any further VLAN numbers with no suffix, or with the 'U' or 'u' suffix, will be assigned as a tagged VLAN on the same port. For example; all the following strings are identical after processing: "23 7T 88T", "7T 88t 23u", "88T 23 7t ", "23 7 88", "7T 23u 88u".