PRIMERGY 10GbE Connection Blade 18/8 User Guide
47 / 95
<Configuration target>
Use MAC address authentication in interface0/1-0/3.
Authentication database of Interface0/1-0/3 is following
-Interface0/1
、
0/2 : RADIUS Server
-Interface0/3 : Authentication information set locally
AAA Group ID
-Interface0/1
、
0/2 :0
-Interface0/3 :1
Authenticated per Supplicant MAC address
Available users in interface 0/3 are following.
MAC address
Assigned VLAN ID
00:11:11:00:00:01
VLAN123
00:22:22:00:00:02
VLAN100
RADIUS Server IP Address: 172.16.1.100
RADIUS Server is connected to VLAN13.
RADIUS Server secret :radius-secret
Authentication Protocol: MD5-CHAP
Note
Configure the following attributes in RADISU server in order to assign VLAN ID to users.
Please see user guide of RADIUS server for how to configure.
name
number
Attribute value
Tunnel-Type
64
VLAN (13)
Tunnel-Media-Type
65
802 (6)
Tunnel-Private-Group-ID
81
VLAN ID (coded by ASCII code)
When multiple tunnel attributes are configured by tag, the least available value is assigned to users as
VLAN information.
<Commands>
Enable MAC address authentication
(config)#macauth use on
Configure password for MAC address authentication
(config)#macauth password macauth-pass
Configure authentication protocol to MD5-CHAP
(config)#macauth type chap_md5
Configure port which RADIUS server is connected to
(config)#interface 0/26
(config-if)#vlan untag 13
Configure VLAN for RADIUS server
(config)#lan 0 vlan 13
(config)#lan 0 ip address 172.16.1.101/16 3
Configure VLAN which supplicants authenticated by IEEE802.1X are connected to
(config)#interface 0/19
(config-if)#vlan untag 10
(config)#interface 0/20
(config-if)#vlan untag 11
(config)#interface 0/21
(config-if)#vlan untag 100