ここから本文です。

Dynamic VLAN Setting Procedure (ZEQUO series)

Introduction

This setting example explains the procedure of the dynamic VLAN setting for the ZEQUO series switches.

Applicable models

Overview

This procedure authenticates the supplicant PCs by using the ZEQUO series switches as authenticators and allocates the supplicant PC to each VLAN by using information on the RADIUS server.
The authentication method is the MAC based authentication.

Configuration Example

Overall setting flow

• 1. Set ZEQUO 6400.
  • 1) Set Ports 1-28 to VLAN group 1 (VID=1 VLAN NAME=default), IP:192.168.1.254/24.
  • 2) Set Ports 1-20 to VLAN group 100 (VID=100 VLAN NAME=VLAN100).
  • 3) Set Ports 1-20 to VLAN group 200 (VID=200 VLAN NAME=VLAN200).
  • 4) Enable the 802.1X authentication function, and set the authenticators (Ports 1-20 for authentication ports), set to refer to the attribute (*) of the RDIUS server, and set the RADIUS server (IP address=192.168.1.1, shared key=shared_key).
• 2. Connect ZEQUO 6400 and the terminal as shown in the configuration diagram.
• 3. Confirm that the supplicant PC is authenticated and allocated to the VLAN as registered in the RADIUS server.

* The following attributes must be set for the RADIUS server.

Setting Procedure

Step 1.

Connect the PC and Ethernet switch using a twisted pair cable and console cable, and display the setting screen on a terminal emulator such as ZEQUO assist Plus.
(Refer to Setting Example "Ethernet switch Connection Procedure to a Console Port" for the procedure to display the setting screen on the console port)

Step 2.

On the login screen, enter UserName and PassWord (both set as manager by default), and login to the setting screen. (Refer to Figure 1)

Step 3.

Set the IP address for ZEQUO 6400. The IP interface of VLAN1 is System by default.
After Z6400:admin#, enter command as shown in the following.
Z6400:admin#config ipif System ipaddress 192.168.1.254/24 vlan default
　
If the command is entered correctly, the following message will appear.
Command: config ipif System ipaddress 192.168.1.254/24 vlan default
　
Success.

Step 4.

Set VLAN groups 100 and 200 of ZEQUO 6400.
　
Z6400:admin#create vlan VLAN100 tag 100
Command: create vlan VLAN100 tag 100
　
Success.
　
Z6400:admin#config vlan VLAN100 add untagged 1-20
Command: config vlan VLAN100 add untagged 1-20
　
Success.
　
Z6400:admin#create vlan VLAN200 tag 200
Command: create vlan VLAN200 tag 200
　
Success.
　
Z6400:admin#config vlan VLAN200 add untagged 1-20
Command: config vlan VLAN200 add untagged 1-20
　
Success.

Step 5.

Enable the 802.1X authentication function of ZEQUO 6400.
Z6400:admin#enable 802.1x
Command: enable 802.1x
　
Success.

Step 6.

Set Ports1-20 as the ports used for 802.1X authentication function.
Z6400:admin#config 802.1x capability ports 1-20 authenticator
Command: config 802.1x capability ports 1-20 authenticator
　
Success.

Step 7.

Perform the setting to refer to the attribute of the RADIUS server.
* By this setting, the dynamic VLAN by using the information on the RADIUS server is enabled.
Z6400:admin#config 802.1x authorization attributes radius enable
Command: config 802.1x authorization attributes radius enable
　
Success.

Step 8.

Set the RADIUS server. IP address for the server is 192.168.1.1, and shared key is shared_key.
Z6400:admin#config radius add 1 192.168.1.1 key shared_key default
Command: config radius add 1 192.168.1.1 key shared_key default
　
Success.

Step 9.

When all the settings are complete, save the settings.
　
Z6400:admin#save
Command: save
　
Saving all configurations to NV-RAM.......... Done.

Step 10.

Referring to the configuration diagram, connect ZEQUO 6400 and the terminals and confirm that the supplicant PC is allocated to the VLAN as specified on the RADIUS server. (The maximum number of authenticated users/unit: 448 users)
　
Z6400:admin#show 802.1x auth_state ports 1
Command: show 802.1x auth_state ports 1

 

 

Go back to the top of the page

ここからサブメニューです。