Radius profile for tagged vlan on a switch port - RFC 4675 (useful for HPE Clearpass / freeradius)
RFC 4675: RADIUS Attributes for Virtual LAN and Priority Support
Attribute Egress-VLANID:
------------------------
- The Egress-VLANID attribute represents an allowed IEEE 802 Egress
VLANID for this port, indicating if the VLANID is allowed for
tagged or untagged frames as well as the VLANID.
- Type: Radius:IETF, Name: Egress-VLANID
- Value Field: [TAG Indic.| Pad | VLANID]
- The Tag Indication field, one octet long, specifies whether VLAN frames are tagged (0x31) or untagged (0x32),
the Pad field is 12 bits of zeros, and the VLANID is 12 bits containing the IEEE-802.1Q VLAN VID value.
Attribute Egress-VLAN-Name:
---------------------------
- The Egress-VLAN-Name attribute represents an allowed VLAN for this
port. It is similar to the Egress-VLANID attribute, except that the
VLAN-ID itself is not specified or known; rather, the VLAN name is
used to identify the VLAN within the system.
- Type: Radius:IETF, Name: Egress-VLAN-Name
- Value Field: [TAG Indic.| String]
- The Tag Indication is one byte that shows whether VLAN frames are tagged (0x31, ASCII '1') or untagged (0x32, ASCII '2'); the ASCII values make it easy for users to enter.
The String field, at least one byte long, contains the VLAN name encoded in UTF-8.
========================================================
Examples:
=========
# Assigning the tagged VLAN named "wifi" would look like:
Radius:IETF Egress-VLAN-Name = 1wifi
For Aruba CX switches you can also use this attribute:
Radius:Hewlett-Packard-Enterprise HPE-Egress-VLAN-Name = 1wifi
========================================================
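Added example (not from the original page or from RFC 4675 itself): a small Python encoder/decoder for the two value fields described above, useful for working out the integer form of Egress-VLANID and for validating values before they go into an enforcement profile. The function names and sample values are made up for this example, and rejecting VLAN IDs 0 and 4095 is a choice of the example.

```python
import struct

TAGGED, UNTAGGED = 0x31, 0x32  # Tag Indication octets (ASCII '1' / '2')

def encode_egress_vlanid(vid, tagged):
    """Egress-VLANID as a 32-bit integer: [Tag Indic. | 12-bit pad | 12-bit VID]."""
    # Assumption of this example: reject the reserved 802.1Q VIDs 0 and 4095.
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    return ((TAGGED if tagged else UNTAGGED) << 24) | vid

def decode_egress_vlanid(value):
    """Return (vid, tagged); raise on a bad tag octet or non-zero pad bits."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("value must fit in 32 bits")
    tag, pad, vid = value >> 24, (value >> 12) & 0xFFF, value & 0xFFF
    if tag not in (TAGGED, UNTAGGED):
        raise ValueError("bad Tag Indication 0x%02x" % tag)
    if pad:
        raise ValueError("pad bits must be zero")
    return vid, tag == TAGGED

def encode_egress_vlan_name(name, tagged):
    """Egress-VLAN-Name value: one tag octet followed by the UTF-8 name."""
    raw = name.encode("utf-8")
    # A RADIUS attribute value is at most 253 octets; one is the tag octet.
    if not 1 <= len(raw) <= 252:
        raise ValueError("VLAN name must be 1..252 bytes of UTF-8")
    return bytes([TAGGED if tagged else UNTAGGED]) + raw

def decode_egress_vlan_name(value):
    """Return (name, tagged) from the raw attribute value."""
    if len(value) < 2 or value[0] not in (TAGGED, UNTAGGED):
        raise ValueError("need a tag octet '1' or '2' plus a non-empty name")
    return value[1:].decode("utf-8"), value[0] == TAGGED

if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    v = encode_egress_vlanid(100, tagged=True)
    print("Egress-VLANID    =", v, hex(v), struct.pack("!I", v).hex())
    print("Egress-VLAN-Name =", encode_egress_vlan_name("wifi", tagged=True).decode())
    print(decode_egress_vlanid(0x3200000A))  # untagged VLAN 10
```
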
------
see also:
RFC3580 - assign VLAN via tunnel attributes - https://www.rfc-editor.org/rfc/rfc3580