FortiSwitch
sachitdas_FTNT
Article Id 224506
Description: This article describes how to configure a dynamically assigned tagged VLAN on the RADIUS server.
Scope: FortiSwitch and FortiGate 7.0.x and above.
Solution

In some cases, the requirement is to push a dynamically assigned tagged VLAN from the RADIUS server to the FortiSwitch for VoIP devices.

 

Starting in FortiSwitchOS 7.0.0, the following RADIUS attributes can be used to configure dynamic non-native VLANs:

 

1) Egress-VLANID

2) Egress-VLAN-Name

 

For more details, refer to page 139 of the following document:

https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/f65c09ce-240d-11ed-9eba-fa163e...

 

The explanation below shows how to configure the RADIUS server to send the Egress-VLANID attribute.

 

Egress-VLAN ID: 'Provides the VLAN identifier and controls whether egress packets are tagged (56). To set the VLAN ID value, use 0x31 for a tagged VLAN or 0x32 for an untagged VLAN.'

 

Here is an example of how the hex value is calculated for a tagged VLAN 30 that will be returned to the FortiSwitch.

The format is 0x31<000><VLAN ID in hex>. The value of 30 in hex is 1E; it must be padded with a leading 0 to three hex digits, making it 01E.

Finally, the hex value for a tagged VLAN 30 is 0x3100001E.

Now, convert the hex value to decimal.

0x3100001E in decimal is 822083614.

The configuration on the RADIUS server should look something like this (FortiConnect is used here):
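The calculation above, generalized as an added example (not part of the original article or Fortinet code): it builds the decimal value for any tagged or untagged VLAN and decodes a value seen in a capture back into its parts. The function names are hypothetical, and the 1 to 4094 VLAN range check is an assumption based on standard 802.1Q numbering.

```python
import struct

# Tag-indication octets quoted in the article: 0x31 tagged, 0x32 untagged.
TAGGED, UNTAGGED = 0x31, 0x32


def encode_egress_vlanid(vlan_id, tagged=True):
    """Return the 32-bit integer to configure as the Egress-VLANID value."""
    # Assumption: usable 802.1Q VLAN IDs are 1..4094 (0 and 4095 are reserved).
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be in 1..4094, got %r" % (vlan_id,))
    # Layout: <tag octet><three zero hex digits><VLAN ID as three hex digits>
    return ((TAGGED if tagged else UNTAGGED) << 24) | vlan_id


def decode_egress_vlanid(value):
    """Split a received value into (tagged, vlan_id), rejecting malformed input."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("value does not fit in 4 octets")
    tag, pad, vlan_id = value >> 24, (value >> 12) & 0xFFF, value & 0xFFF
    if tag not in (TAGGED, UNTAGGED):
        raise ValueError("unexpected tag octet 0x%02X" % tag)
    if pad != 0:
        raise ValueError("padding digits are not zero")
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID out of range: %d" % vlan_id)
    return tag == TAGGED, vlan_id


def wire_bytes(value):
    """The 4 octets of the attribute value as they appear in a packet capture."""
    return struct.pack("!I", value)


if __name__ == "__main__":
    value = encode_egress_vlanid(30, tagged=True)
    print("hex: 0x%08X  decimal: %d" % (value, value))
    print("on the wire:", wire_bytes(value).hex())
    print("decoded:", decode_egress_vlanid(value))
```

The decoder is useful when checking the Access-Accept in a capture: a value configured without the padding digits fails the tag-octet check instead of silently mapping to the wrong VLAN.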

 

[Screenshot: FortiConnect RADIUS attribute configuration]

 

Below is a Wireshark capture that shows the returned attribute:

 

[Screenshot: Wireshark capture of the returned attribute]

 

Helpful link:

802.1x: https://docs.fortinet.com/document/fortiswitch/7.2.2/administration-guide/110300/802-1x-authenticati...

 

Reference KB articles:

https://community.fortinet.com/t5/FortiSwitch/Troubleshooting-Tip-Configure-and-troubleshoot-802-1x/...

 

https://community.fortinet.com/t5/FortiSwitch/Technical-Tip-802-1x-port-based-vs-MAC-based-authentic...
