How can I dynamically assign VLANs or ACLs to users through RADIUS on S series switches

20

You can use the Change of Authorization (CoA) function to dynamically assign VLANs and ACLs to online users. The VLANs and ACLs are assigned on the RADIUS server.

Other related questions:
How to dynamically assign VLANs or ACLs to users through RADIUS
You can use the Change of Authority (CoA) function to dynamically assign VLANs and ACLs to online users. The VLANs and ACLs are assigned on the RADIUS server.

Can I deliver ACLs through the RADIUS server on S series switches
For S series switches (except the S1700), all modular switches support ACL delivery through the RADIUS server, and fixed switches excluding the S2700SI and S2710SI support ACL delivery through the RADIUS server.

Do S series switches support dynamic VLAN delivery through the RADIUS server
Dynamic VLAN delivery through the RADIUS server is to deliver VLAN attributes through the RADIUS server to dynamically authorize online users. For S series switches (except the S1700), the S2700SI and S2710SI running V100R006 do not support this function. However, other switch models running V100R006 and all switch models running versions later than V100R006 support this function.

Subnet-based VLAN assignment on S series switch
Example of configuring IP subnet-based VLAN assignment for S series switches (except S1700 switches): 1. Configuration roadmap 1) Create VLANs, and add an interface to the VLANs so that the interface allows packets of IP subnet-based VLANs to pass through. 2) Enable IP subnet-based VLAN assignment on the interface, and associate IP subnets with the VLANs, so that the switch can determine the VLANs to which received packets belong according to the source IP addresses or specified subnets in the packets. 2. Configuration procedure 1) Create VLANs. [HUAWEI] vlan batch 100 200 //Create VLAN100 and VLAN 200. 2) Configure an interface. [HUAWEI] interface gigabitethernet 0/0/1 [HUAWEI-GigabitEthernet0/0/1] port link-type hybrid //Set the interface type to hybrid. [HUAWEI-GigabitEthernet0/0/1] port hybrid untagged vlan 100 200 //Add the interface to VLAN 100 and VLAN 200 in untagged mode. [HUAWEI-GigabitEthernet0/0/1] ip-subnet-vlan enable //Enable IP subnet-based VLAN assignment on the interface. [HUAWEI-GigabitEthernet0/0/1] quit 3) Associate IP subnets with VLANs. [HUAWEI] vlan 100 [HUAWEI-vlan100] ip-subnet-vlan 1 ip 192.168.1.2 24 priority 2 //Associate IP subnet 192.168.1.2/24 with VLAN 100 and set the 802.1p priority of VLAN 100 to 2. [HUAWEI-vlan100] quit [HUAWEI] vlan 200 [HUAWEI-vlan200] ip-subnet-vlan 1 ip 192.168.2.2 24 priority 3 [HUAWEI-vlan200] quit

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top