Netgear WFS709TP-100NAS User Guide

Overview of the WFS709TP

1-13

4. The VLAN is derived from attributes returned by the authentication server (server-derived 

rule). Within a set of server-derived rules, a rule that derives a specific VLAN takes 
precedence over a rule that derives a user role that may have a VLAN configured for it.

5. The VLAN is derived from Microsoft Tunnel attributes (Tunnel-Type, Tunnel Medium Type, 

and Tunnel Private Group ID). All three attributes must be present. This does not require any 
server-derived rule.

6. The VLAN is derived from NETGEAR vendor-specific attributes (VSAs) for RADIUS server 

authentication. This does not require any server-derived rule.

If a NETGEAR VSA is present, it overrides any previous VLAN assignment.

Wireless clients communicate through a WLAN with the wired network and other wireless clients 
in a WFS709TP system. There are two phases to the process by which a wireless client gains 
access to a WLAN:

1. Association of the radio network interface card (NIC) in the PC with an AP, as described by 

the IEEE 802.11 standard. This association allows data link (Layer 2) connectivity.

2. Authentication of the client/user before network access is allowed.

APs send out beacons that contain the SSIDs of specific WLANs; the user can select the network 
they want to join. Wireless clients can also send out probes to locate a WLAN within range or to 
locate a specific SSID, and APs within range of the client respond. Along with the SSID, an AP 
also sends out the following information:

•

Data rates supported by the WLAN. Clients can determine which WLAN to associate with 
based on the supported data rate.

•

WLAN requirements for the client. For example, clients may need to use TKIP for encrypting 
data transmitted on the WLAN.