Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

TechLibrary
Navigation

Configuring the RADIUS NAS-Port Extended Format per VLAN

As an alternative to globally configuring the extended format for the NAS-Port (5) RADIUS attribute in an access profile, you can configure the NAS-Port extended format on a per-VLAN basis as part of a NAS-Port options definition. The NAS-Port extended format configures the number of bits (bit width) in each field in the NAS-Port attribute, including: slot, adapter, port, VLAN, and S-VLAN.

Configuring NAS-Port options definitions on a per-VLAN basis is useful in network configurations that use a 1:1 access model.

To configure an extended format for the NAS-Port RADIUS attribute per VLAN:

  1. Specify the interface you want to configure.
    [edit]user@host# edit interfaces interface-name
  2. Enable VLAN tagging on the interface.
    [edit interfaces interface-name]user@host# set vlan-tagging

    Setting VLAN tagging enables the reception and transmission of 802.1Q VLAN-tagged frames on the interface. You must enable VLAN tagging before you can configure the VLAN ranges to which the NAS-Port options definition applies.

  3. Specify that you want to configure RADIUS options for a VLAN interface.
    [edit interfaces interface-name]user@host# edit radius-options
  4. Create a named NAS-Port options definition.
    [edit interfaces interface-name radius-options]user@host# edit nas-port-options nas-port-options-name
  5. Configure the NAS-Port extended format.
    [edit interfaces interface-name radius-options nas-port-options nas-port-options-name]user@host# set nas-port-extended-format slot-width width adapter-width width port-width width vlan-width width
  6. Configure the VLAN range or ranges to which the NAS-Port options definition applies.
    [edit interfaces interface-name radius-options nas-port-options nas-port-options-name]user@host# set vlan-ranges (any | low-taghigh-tag)

    Per-VLAN configurations typically require you to create a VLAN range that consists of a single VLAN ID on the physical interface. To do so, set the low-tag and high-tag options in the vlan-ranges statement to the same value, as shown in the following example.

The following example shows a per-VLAN NAS-Port options definition named paris-subscribers that configures a NAS-Port extended format consisting of a 4-bit slot field, 2-bit adapter field, 4-bit port field, and 2-bit VLAN field. The paris-subscribers definition applies to VLAN ID 1 on Gigabit Ethernet physical interface ge-1/0/1.

[edit interfaces ge-1/0/1 radius-options]
nas-port-options paris-subscribers {nas-port-extended-format {slot-width 4;adapter-width 2;port-width 4;vlan-width 2;}vlan-ranges {1-1;}}
 

Related Documentation

 

Published: 2013-02-11

Previous Page Next Page