Enabling VLAN via RADIUS Attributes
This page describes how to configure VLAN settings through RADIUS attributes and add them to a client. For further info look here. To enable general attributes, see Enabling RADIUS Attributes for setup information.
1. Create the Attribute Set
Go to the 'RADIUS Attributes' page and click the 'Add Attributes' button. Name your Attribute Set to create it.
2. Configure the constant attributes
Click the 'Add Attribute' button in the 'Constant Attributes' section. Select 'Tunnel-Medium-Type' as the attribute and '6' (or whatever value represents all 802 media) as the value to be returned. (Note: Check your RADIUS vendor-specific documentation for the appropriate values.) Do the same for the 'Tunnel-Type' attribute, entering 'VLAN' as the value.
Constant attributes are returned with any successful login, regardless of user.
3. Configure the group conditional attributes
Click the 'Add Attribute' button in the 'Conditional Attributes' section. Select the attribute 'Tunnel-Private-Group-ID' and the default VLAN value to be returned. Click the 'Add Condition' button to add conditions to the return value.
Conditional attributes are evaluated in order. The first listed group that the authenticated user belongs to determines the value returned. If the user is not a member of any of the groups listed, the default value is returned.
4. Configure the MAC address attributes
Click the 'Add Attribute' button in the 'MAC Address Conditional Attributes' section. Select the attribute 'Tunnel-Private-Group-ID' and the default VLAN value to be returned. Click the 'Add Condition' button to add conditions to the return value.
MAC address conditional attributes are evaluated by the longest matching prefix first. The MAC entry with the longest matching prefix determines the value returned. If the MAC address does not match any MAC entries listed, the default value is returned. If the MAC address does not match any MAC entries at all, the request is rejected.
5. Assign the attributes to a client
Go to the 'RADIUS Clients' page. In the 'RADIUS Attributes' column, select the Attribute Set you just created. Whenever a request is sent to that client, successful logins will return attributes according to that Attribute Set's specifications.
NOTE: In order to delete an Attribute Set, it must not be associated with any RADIUS Clients.
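The evaluation rules from steps 2 to 4, as an added Python example (not the product's own code): constant attributes are always returned, group conditions use the first listed match, and MAC conditions use the longest matching prefix. The group names, MAC prefixes and VLAN IDs are constructed, and the rejection of requests from unknown MAC addresses is not modelled.

```python
# Added illustration: group names, MAC prefixes and VLAN IDs are constructed.
# Assumption: each set uses group OR MAC conditions for a given attribute.

def normalize_mac(mac):
    """Keep hex digits only so 'AA-BB:cc' and 'aabbcc' compare equal."""
    return "".join(c for c in mac.lower() if c in "0123456789abcdef")

def first_group_match(rule, user_groups):
    """Group conditions are checked in listed order; first membership wins."""
    for group, value in rule["conditions"]:
        if group in user_groups:
            return value
    return rule["default"]

def longest_prefix_match(rule, mac):
    """MAC conditions: the longest matching prefix wins, whatever the order."""
    mac, best_len, best = normalize_mac(mac), 0, rule["default"]
    for prefix, value in rule["conditions"]:
        p = normalize_mac(prefix)
        if p and mac.startswith(p) and len(p) > best_len:
            best_len, best = len(p), value
    return best

def build_reply(attr_set, user_groups=(), mac=None):
    """Attributes returned with a successful login for one Attribute Set."""
    reply = dict(attr_set["constant"])  # returned regardless of user
    for name, rule in attr_set.get("group_conditional", {}).items():
        reply[name] = first_group_match(rule, user_groups)
    if mac is not None:
        for name, rule in attr_set.get("mac_conditional", {}).items():
            reply[name] = longest_prefix_match(rule, mac)
    return reply

CONSTANT = {"Tunnel-Medium-Type": "6", "Tunnel-Type": "VLAN"}
STAFF_SET = {"constant": CONSTANT, "group_conditional": {"Tunnel-Private-Group-ID": {
    "default": "10",
    "conditions": [("network-admins", "99"), ("engineering", "20")]}}}
DEVICE_SET = {"constant": CONSTANT, "mac_conditional": {"Tunnel-Private-Group-ID": {
    "default": "50",
    "conditions": [("00:11:22", "30"), ("00:11:22:33:44", "31")]}}}

if __name__ == "__main__":
    print(build_reply(STAFF_SET, user_groups={"engineering", "network-admins"}))
    print(build_reply(DEVICE_SET, mac="00-11-22-33-44-55"))
```

Because the first listed group wins, a user who belongs to several groups lands in the VLAN of whichever group appears first, so the order of the conditions is worth reviewing whenever memberships overlap.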