RADIUS Tunnel Attributes

The switch uses the RADIUS tunnel attributes to place a port into a particular VLAN to support dynamic VLAN switching based on authentication. The server must send these attributes together in the same RADIUS packet. If one attribute is missing, the switch ignores the others.

The RADIUS server indicates the desired VLAN by including the tunnel attribute within the Access-Accept message. RADIUS uses the following tunnel attributes for VLAN membership:

Tunnel attributes are defined by RFC 2868.

Important

Important

Configure these attributes only if you require Dynamic VLAN membership.

The VLAN ID is 12 bits, uses a value from <1-4094>, and is encoded as a string.

In addition, you can configure the RADIUS server to send a vendor-specific attribute (VSA) to configure port priority. You can assign the switch Supplicant port a QoS value from 0 to 6.

For more information, see EAP-Port-Priority.