Knowledge Base

Scenario

ZyXEL’s new 1910 series switches support 802.1x dynamic VLAN assignment, what configuration should be done in order to use this function?

Step

1. Configure a VLAN for testing; assign its membership to 2 ports. VLAN 10 is used as an example here.

 

 

 

 

2. Assign the VLAN’s PVID to only 1 of the ports which were selected as the members in step1.

 

 

 

 

3. Enable AAA in Configuration->Security->AAA

Type the IP-Address of the RADIUS server and shared-secret.

 

 

 

 

4. Enable 802.1X Port-Authentication in Configuration->Security->Network->NAS

Set the Mode to Enabled, and check the “RADIUS-Assigned VLAN Enabled” box.

 

 

 

 

5. Scroll down to the Port Configuration part; enable 802.1X by selecting “Single 802.1X” on the Port which was not assigned a PVID in Step 2. Also check the “RADIUS-Assigned VLAN Enabled” box.

 

 

 

6. On the RADIUS Server, add the following attributes in order to give VLAN tag to the client when it is successfully authenticated:

 

Tunnel-Type: VLAN

Tunnel-Medium-Type: 802

Tunnel-Private-Group-ID: VLAN ID, example: 10.

Verification

Connect to the  ports which were configured for testing, your device should be able to communicate with the other ports after the client passes the authentication.