Enterasys Networks 9033900-04 Benutzerhandbuch
Command Groups
A-170
VLAN Commands
The access point can employ VLAN tagging support to control access to network resources and
increase security. VLANs separate traffic passing between the access point, associated clients, and
the wired network. You can assign a VLAN to each of the access points radio interfaces, a
management VLAN for the access point, and a VLAN to up to 64 associated clients.
increase security. VLANs separate traffic passing between the access point, associated clients, and
the wired network. You can assign a VLAN to each of the access points radio interfaces, a
management VLAN for the access point, and a VLAN to up to 64 associated clients.
Each wireless client associated to the access point is assigned to the native VLAN ID (a number
between 1 and 4095) for the radio interface. If IEEE 802.1x is being used to authenticate wireless
clients, specific VLAN IDs can be configured on the RADIUS server to be assigned to each client.
Using IEEE 802.1x and a central RADIUS server, up to 64 VLAN IDs can be mapped to specific
wireless clients. The access point allows traffic tagged with assigned VLAN IDs or the native
VLAN ID to access clients associated on the radio interface.
between 1 and 4095) for the radio interface. If IEEE 802.1x is being used to authenticate wireless
clients, specific VLAN IDs can be configured on the RADIUS server to be assigned to each client.
Using IEEE 802.1x and a central RADIUS server, up to 64 VLAN IDs can be mapped to specific
wireless clients. The access point allows traffic tagged with assigned VLAN IDs or the native
VLAN ID to access clients associated on the radio interface.
When VLAN support is enabled, the access point tags traffic passing to the wired network with
the appropriate VLAN ID, either an assigned client VLAN ID, native VLAN ID, or the
management VLAN ID. Traffic received from the wired network must also be tagged with one of
these known VLAN IDs. Received traffic that has an unknown VLAN ID or no VLAN tag is
dropped.
the appropriate VLAN ID, either an assigned client VLAN ID, native VLAN ID, or the
management VLAN ID. Traffic received from the wired network must also be tagged with one of
these known VLAN IDs. Received traffic that has an unknown VLAN ID or no VLAN tag is
dropped.
When VLAN support is disabled, the access point does not tag traffic passing to the wired
network and ignores the VLAN tags on any received frames.
network and ignores the VLAN tags on any received frames.
When setting up VLAN IDs for each user on the RADIUS server, be sure to use the RADIUS
attributes and values as indicated in
attributes and values as indicated in
Table A-18
VLAN ID RADIUS Attributes
Number
RADIUS Attribute
Value
64
Tunnel-Type
VLAN (13)
65
Tunnel-Medium-Type
802
81
Tunnel-Private-Group-ID
VLANID (1 to 4095 in hexadecimal)
Note: The specific configuration of RADIUS server software is beyond the scope of this guide.
Refer to the documentation provided with the RADIUS server software.
Refer to the documentation provided with the RADIUS server software.
Note: When VLANs are enabled, the access point’s Ethernet port drops all received traffic that does
not include a VLAN tag. To maintain network connectivity to the access point and wireless clients, be
sure that the access point is connected to a device port that supports IEEE 802.1Q VLAN tags.
not include a VLAN tag. To maintain network connectivity to the access point and wireless clients, be
sure that the access point is connected to a device port that supports IEEE 802.1Q VLAN tags.