DES-7200 Configuration Guide Chapter 4 802.1x Configuration
4-30
4.2.23 Port-based Traffic
Charging
In addition to the duration-based billing, DES-7200’s network devices provide the traffic-based
billing function in case each port of the equipment has only one user access.
This function calls for no configuration on the device but need the support of the Radius server.
4.2.24 Implementing Automatic
Switching and Control of
VLAN
To implement the auto-switching of the dynamic VLAN, the user VLAN shall be assigned and
configured by the remote RADIUS server. The remote RADIUS server encapsulates the VLAN
assignment information through the defined RADIUS attributes. After receiving those
information and the user authentication, the access device automatically adds the port where
the user is to the VLAN assigned by the RADIUS server. It is unnecessary of the manual
configurations for the administrator.
You shall use the show dot1x summary command to on the access device to view the actual
VLAN where the user is. Use the show dot1x user id command to view the VLAN assigned
by the RADIUS server.
The access device is able to receive the VLAN assigned by the RADIUS server in two ways of
the extension RADIUS attributes and the standard RADIUS attributes.
The RADIUS server assigns the VLAN to the access device using the standard-extension
attributes. The server encapsulates the extension attributes into the No.26 RADIUS standard
attributes. The extension manufacturing ID is in hex 0x00001311. By default, the extension
attribute type is 4, you can use the radius attribute 4 vendor-type type command to set the
extension attribute type number to assign the VLAN. For the configuration command, see
RADIUS Configuration.
The access device supports the RADIUS server to use the standard RADIUS attributes to
assign the VLAN, including the following attribute combinations:
No.64 Attribute Tunnel-Type
No.65 Attribute Tunnel-Medium-Type
No.81 Attribute Tunnel-Private-Group-ID
And for the auto-switching of the dynamic VLAN application, the valid range is:
Tunnel-Type=VLAN(13)
Tunnel-Medium-Type=802(6)
Tunnel-Private-Group-ID=VLAN ID or VLAN Name
For the details, see the RFC2868 and the RFC3580.