Operation Manual – AAA & RADIUS & HWTACACS & EADH3C S7500 Series Ethernet SwitchesChapter 1 AAA & RADIUS & HWTACACSConfiguration1-17Caution:z You can execute the scheme command with the radius-scheme-name argument toadopt an already configured RADIUS scheme to implement all the three AAAfunctions. If you adopt the local scheme, only the authentication and authorizationfunctions are implemented, the accounting function cannot be implemented.z If you execute the scheme radius-scheme radius-scheme-name local command,the local scheme becomes the secondary scheme in case the RADIUS server doesnot respond normally. That is, if the communication between the switch and theRADIUS server is normal, no local authentication is performed; otherwise, localauthentication is performed.z If you execute the scheme hwtacacs-scheme radius-scheme-name localcommand, the local scheme becomes the secondary scheme in case the TACACSserver does not respond normally. That is, if the communication between the switchand the TACACS server is normal, no local authentication is performed; otherwise,local authentication is performed.z If you adopt local or none as the primary scheme, local authentication is performedor no authentication is performed. In this case, you cannot use the RADIUS schemeat the same time.1.3.5 Configuring Dynamic VLAN AssignmentThe dynamic VLAN assignment feature enables a switch to dynamically add the switchports with successfully authenticated users to different VLANs according to theattributes assigned by the RADIUS server, so as to control the network resources thatdifferent users can access.Currently, the switch supports the RADIUS authentication server to assign the followingtwo types of VLAN IDs: integer and string.z Integer: If the RADIUS server assigns integer type of VLAN IDs, you can set theVLAN assignment mode to integer on the switch. Then, upon receiving an integerID assigned by the RADIUS authentication server, the switch adds the port to theVLAN whose VLAN ID is equal to the assigned integer ID. If no such a VLAN exists,the switch first creates a VLAN with the assigned ID, and then adds the port to thenewly created VLAN.z String: If the RADIUS server assigns string type of VLAN IDs, you can set theVLAN assignment mode to string on the switch. Then, upon receiving a string IDassigned by the RADIUS authentication server, the switch compares the ID withexisting VLAN names on the switch. If it finds a match, it adds the port to thecorresponding VLAN. Otherwise, the VLAN assignment fails and the user cannotpass the authentication.