© Copyright Lenovo 2016
Table 10.
Support for RADIUS Attributes (continued)
# Attribute
81 Tunnel‐Private‐
Group‐ID
79 EAP‐Message
80 Message‐
Authenticator
87 NAS‐Port‐ID
Legend: RADIUS Packet Types: A‐R (Access‐Request), A‐A (Access‐Accept),
A‐C (Access‐Challenge), A‐R (Access‐Reject)
RADIUS Attribute Support:
0
This attribute MUST NOT be present in a packet.
0+
Zero or more instances of this attribute MAY be present in a packet.
0‐1
Zero or one instance of this attribute MAY be present in a packet.
1
Exactly one instance of this attribute MUST be present in a packet.
1+
One or more of these attributes MUST be present.
Attribute Value
VLAN ID (1‐4094). When 802.1X
RADIUS VLAN assignment is
enabled on a port, if the RADIUS
server includes the tunnel
attributes defined in RFC 2868 in
the Access‐Accept packet, the
switch will automatically place
the authenticated port in the
specified VLAN. Reserved
VLANs (such as for management
or stacking) may not be specified.
The attribute must be untagged
(the Tag field must be 0).
Encapsulated EAP packets from
the supplicant to the
authentication server (Radius)
and vice‐versa. The authenticator
relays the decoded packet to both
devices.
Always present whenever an
EAP‐Message attribute is also
included. Used to
integrity‐protect a packet.
Name assigned to the
authenticator port, e.g.
Server1_Port3
Chapter 6: 802.1X Port-Based Network Access Control
A-R A-A A-C A-R
0
0‐1
0
0
1+
1+
1+
1+
1
1
1
1
1
0
0
0
123