PRIMERGY 10GbE Connection Blade 18/8 User Guide
44 / 95
<Configuration target>
Use IEEE802.1X authentication in interface0/1-0/3.
Authentication database of Interface0/1-0/3 is following
-Interface0/1
、
0/2 : RADIUS Server
-Interface0/3 : Authentication information set locally
AAA Group ID
-Interface0/1
、
0/2 :0
-Interface0/3 :1
Authenticated per Supplicant MAC address
Available users in interface 0/3 are following.
User ID
Password
Assigned VLAN ID
Supp1
Supp1-pass
VLAN123
Supp2
Supp2-pass
VLAN100
RADIUS Server IP Address: 172.16.1.100
RADIUS Server is connected to VLAN13.
RADIUS Server secret :radius-secret
Collect authentication and accounting information in RADIUS server used by interface 0/1 and 0/2
Accounting information and Attribute supported by SBAX2 is following.
-Session time :Acct-Session-Time
- Tx packet number :Acct-Output-Packets
- Rx packet number :Acct-Input-Packets
- Tx byte :Acct-Output-Octets
- Rx byte :Acct-Input-Packets
Note
Configure the following attributes in RADISU server in order to assign VLAN ID to users.
Please see user guide of RADIUS server for how to configure.
name
number
Attribute value
Tunnel-Type
64
VLAN (13)
Tunnel-Media-Type
65
802 (6)
Tunnel-Private-Group-ID
81
VLAN ID (coded by ASCII code)
When multiple tunnel attributes are configured by tag, the least available value is assigned to users as
VLAN information.
<Commands>
Enable IEEE802.1X authentication
(config)#dot1x use on
Configure port which RADIUS server is connected to
(config)#interface 0/26
(config-if)#vlan untag 13
Configure VLAN for RADIUS server
(config)#lan 0 vlan 13
(config)#lan 0 ip address 172.16.1.101/16 3
Configure VLAN which supplicants authenticated by IEEE802.1X are connected to
(config)#interface 0/19
(config-if)#vlan untag 10
(config)#interface 0/20
(config-if)#vlan untag 11
(config)#interface 0/21
(config-if)#vlan untag 100