D-Link DGS-3620-52T CLI Guide - Page 1169
ACL by RADIUS Server
View all D-Link DGS-3620-52T manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 1169 highlights
xStack® DGS-3620 Series Layer 3 Managed Stackable Gigabit Switch CLI Reference Guide 0x01 0x02 Others (0x00, 0x03 ~ 0x1F, >0x1F) VLAN name (ASCII) VLAN ID (ASCII) 1. When the switch receives the VLAN setting string, it will think it is the VLAN ID first. In other words, the switch will check all existed VLAN ID and check if there is one matched. A tag field of greater than 0x1F is interpreted as the first octet of the following field. 2. If the switch can find one matched, it will move to that VLAN. 3. If the switch can not find the matched VLAN ID, it will think the VLAN setting string as a "VLAN Name". 4. Then it will check that it can find out a matched VLAN Name. If the user has configured the VLAN attribute of the RADIUS server (for example, VID 3) and the 802.1X, or MAC-based Access Control, or WAC/JWAC authentication is successful, the port will be assigned to VLAN 3. However if the user does not configure the VLAN attributes, when the port is not guest VLAN member, it will be kept in its current authentication VLAN, and when the port is guest VLAN member, it will be assigned to its original VLAN. To assign ACL by RADIUS Server, the proper parameters should be configured on the RADIUS Server. The table below shows the parameters for an ACL. The parameters of the Vendor-Specific Attribute are: RADIUS Tunnel Attribute Description Vendor-ID Defines the vendor. Value 171 (DLINK) Usage Required Vendor-Type Defines the attribute. Attribute-Specific Field Used to assign the ACL profile or rule. 12 (for ACL profile) Required 13 (for ACL rule) ACL Command Required For example: ACL profile: create access_profile ethernet vlan 0xFFF profile_id 100; ACL rule: config access_profile profile_id 100 add access_id auto_assign ethernet vlan_id default port all deny; If the user has configured the ACL attribute of the RADIUS server (for example, ACL profile: create access_profile ethernet vlan 0xFFF profile_id 100; ACL rule: config access_profile profile_id 100 add access_id auto_assign ethernet), and the 802.1X or MAC-based Access 1164