Hola chicos,
Para poder asignar VLAN dinámicamente desde el servidor RADIUS, puede utilizar uno de los siguientes atributos estándar para entregar el atributo VLAN (RFC2865, RFC2866 y RFC3576 definen los atributos estándar de RADIUS, que son compatibles con todos los proveedores principales):
Attribute No. Attribute Name Description
64 Tunnel-Type Protocol type of the tunnel. The value is fixed as 13, indicating VLAN.
65 Tunnel-Medium-Type Medium type used on the tunnel. The value is fixed as 6, indicating Ethernet.
81 Tunnel-Private-Group-ID Tunnel private group ID, which is used to deliver user VLAN IDs.
How to configure the switch:
#
vlan batch 10 301 501 710
#
dot1x enable
dot1x dhcp-trigger
mac-authen
#
interface GigabitEthernet0/0/3
description Test-port
port hybrid pvid vlan 710
undo port hybrid vlan 1
port hybrid untagged vlan 301 501 710
dot1x enable
dot1x max-user 10
authentication guest-vlan 710
authentication restrict-vlan 710
authentication critical-vlan 710
dot1x authentication-method eap
#
Device: S5700S-52P-LI-AC
Version: V200R003C00SPC300
Resultado
Espero sea útil!
