Issue Description
To be able to assign VLANs dynamically from the RADIUS server you can use one of the following standard attributes to deliver the VLAN attribute(RFC2865, RFC2866, and RFC3576 define standard RADIUS attributes, which are supported by all mainstream vendors):
Attribute No. Attribute Name Description
64 Tunnel-Type Protocol type of the tunnel. The value is fixed as 13, indicating VLAN.
65 Tunnel-Medium-Type Medium type used on the tunnel. The value is fixed as 6, indicating Ethernet.
81 Tunnel-Private-Group-ID Tunnel private group ID, which is used to deliver user VLAN IDs.
Solution
How to configure the switch:
#
vlan batch 10 301 501 710
#
dot1x enable
dot1x dhcp-trigger
mac-authen
#
interface GigabitEthernet0/0/3
description Test-port
port hybrid pvid vlan 710
undo port hybrid vlan 1
port hybrid untagged vlan 301 501 710
dot1x enable
dot1x max-user 10
authentication guest-vlan 710
authentication restrict-vlan 710
authentication critical-vlan 710
dot1x authentication-method eap
#
Device: S5700S-52P-LI-AC
Version: V200R003C00SPC300
Result:
![]()
