When you configure the LAN Enforcer appliance, you specify the model of the 802.1x-aware switch. Different 802.1x-aware switches look for different attributes to determine which client can access the VLAN. Some switches identify VLANs by VLAN ID and others by VLAN Name. Some devices have limited or no VLAN support.
The LAN Enforcer appliance forwards attributes from the RADIUS server to the switch. If necessary, however, it modifies or appends the VLAN attribute based on the switch type by using supported values. If a conflict exists between the vendor-specific attribute information that the RADIUS server sends and the vendor-specific VLAN attribute information that the LAN Enforcer uses, the LAN Enforcer removes the vendor-specific information that the RADIUS server sends.
The LAN Enforcer then replaces that information with the information that appears in Table: Support for attributes of switch models.
If you want to keep the attributes from the RADIUS server, you can select an action called Open Port. With this action, the LAN Enforcer forwards all attributes from the RADIUS server to the 802.1x-aware switch without any modifications.
The 802.1x-aware switch model can use VLAN ID or VLAN Name to perform dynamic VLAN assignments. Specify both the VLAN ID and VLAN name when you provide VLAN information for the LAN Enforcer, with the exception of the Aruba switch.
Table: Support for attributes of switch models describes the 802.1x-aware switch models and attributes.
Table: Support for attributes of switch models
Rate this Article