Hola chicos,

Para poder asignar VLAN dinámicamente desde el servidor RADIUS, puede utilizar uno de los siguientes atributos estándar para entregar el atributo VLAN (RFC2865, RFC2866 y RFC3576 definen los atributos estándar de RADIUS, que son compatibles con todos los proveedores principales):

Attribute No.        Attribute Name                              Description

64                 Tunnel-Type                              Protocol type of the tunnel. The value is fixed as 13, indicating VLAN.

65                Tunnel-Medium-Type                        Medium type used on the tunnel. The value is fixed as 6, indicating Ethernet.

81                Tunnel-Private-Group-ID              Tunnel private group ID, which is used to deliver user VLAN IDs.

How to configure the switch:

#

vlan batch 10 301 501 710

#

dot1x enable

dot1x dhcp-trigger

mac-authen

#

 interface GigabitEthernet0/0/3

 description Test-port

 port hybrid pvid vlan 710

 undo port hybrid vlan 1

 port hybrid untagged vlan 301 501 710

 dot1x enable

 dot1x max-user 10

 authentication guest-vlan 710

 authentication restrict-vlan 710

 authentication critical-vlan 710

 dot1x authentication-method eap

#

 Device: S5700S-52P-LI-AC

Version: V200R003C00SPC300

Resultado

Espero sea útil!