ES-2024 Series User’s Guide
113 Chapter 16 Port Authentication
Note: Refer to the documentation that comes with your RADIUS server on how to
configure a VSA.
The following table describes the VSAs supported on the switch.
16.1.1.2 Tunnel Protocol Attribute
You can configure tunnel protocol attributes on the RADIUS server to assign a port on the
switch to a VLAN (fixed, untagged). This will also set the port’s VID. Refer to RFC 3580 for
more information.
16.2 Port Authentication Configuration
To enable port authentication, first activate IEEE802.1x security (both on the switch and the
port(s)) then configure the RADIUS server settings.
Table 32 Supported VSA
FUNCTION ATTRIBUTE
Ingress Bandwidth
Assignment
Vendor-Id = 890 (ZyXEL)
Vendor-Type = 1
Vendor-data = ingress rate (decimal)
Egress Bandwidth
Assignment
Vendor-Id = 890 (ZyXEL)
Vendor-Type = 2
Vendor-data =
egress rate (decimal)
Privilege Assignment Vendor-ID = 890 (ZyXEL)
Vendor-Type = 3
Vendor-Data = "shell:priv-lvl=N"
or
Vendor-ID = 9 (CISCO)
Vendor-Type = 1 (CISCO-AVPAIR)
Vendor-Data = "shell:priv-lvl=N"
where
N is a privilege level (from 0 to 14).
Note: If you set the privilege level of a login account differently
on the RADIUS server(s) and the switch, the user is
assigned a privilege level from the database (RADIUS or
local) the switch uses first for user authentication.
Table 33 Supported Tunnel Protocol Attribute
FUNCTION ATTRIBUTE
VLAN Assignment Tunnel-Type = VLAN(13)
Tunnel-Medium-Type = 802(6)
Tunnel-Private-Group-ID =
VLAN ID
Note: You must also create a VLAN with the specified VID on
the switch.