Operation Manual - Security
Quidway S3500 Series Ethernet Switches
Chapter 3 AAA and RADIUS Protocol Configuration
Huawei Technologies Proprietary
3-24
3.5.3 Configuring Dynamic VLAN with RADIUS Server
I. Networking Requirements
The RADIUS server (taking Windows IAS as example) delivers sting VLAN ID “test”,
which corresponds to the name of VLAN 100 on the switch. The switch can add the port
to VLAN 100 when the server delivers "test".
II. Networking diagram
See Figure 3-2.
III. Configuration procedure
1) Specify RADIUS scheme
[Quidway] radius scheme ias
[Quidway-radius-ias] primary authentication 10.11.1.1
[Quidway-radius-ias] primary accounting 10.11.1.2
[Quidway-radius-ias] key authentication hello
[Quidway-radius-ias] key accounting hello
[Quidway-radius-ias] quit
2) Create ISP domain
[Quidway] domain ias
[Quidway-isp-ias] scheme radius-scheme ias
3) Configure VLAN delivery mode as string
[Quidway-isp-ias] vlan-assignment-mode string
[Quidway-isp-ias] quit
4) Create a VLAN and specify its name.
# Create a VLAN.
[Quidway] vlan 100
# Configure name of the delivered VLAN.
[Quidway-vlan100] name test
5) Configure on the Windows IAS server the VLAN delivery mode to string and the
name of the delivered VLAN to “test”.
Note:
For the string delivery mode, the VLAN to be delivered must be an existing one on the
switch. That is, you must have created the VLAN and configured a name for it on the
switch. There is no such a restriction for the integer mode.