The switch uses the RADIUS tunnel attributes to place a port into a particular VLAN to support dynamic VLAN switching based on authentication. The server must send these attributes together in the same RADIUS packet. If one attribute is missing, the switch ignores the others.
The RADIUS server indicates the desired VLAN by including the tunnel attribute within the Access-Accept message. RADIUS uses the following tunnel attributes for VLAN membership:
RAD_ATTR_TUNNEL_TYPE(64)
Tunnel-Type: value 13, Tunnel-Type-VLAN
RAD_ATTR_TUNNEL_MEDIUM_TYPE(65)
Tunnel-Medium-Type: value 6, Tunnel-Medium-Type-802
RAD_ATTR_TUNNEL_PRI_GROUP_ID
Tunnel-Private-Group-ID: ASCII value 1-4094 (this value identifies the specified VLAN)
Tunnel attributes are defined by RFC 2868.
Important
Configure these attributes only if you require Dynamic VLAN membership.
The VLAN ID is 12 bits, uses a value from <1-4094>, and is encoded as a string.
In addition, you can configure the RADIUS server to send a vendor-specific attribute (VSA) to configure port priority. You can assign the switch Supplicant port a QoS value from 0 to 6.
For more information, see EAP-Port-Priority.