3com WX1200 3CRWX120695A User Manual
Configuring and Managing VLANs
89
You assign a user to a VLAN by setting one of the following attributes on
the RADIUS servers or in the local user database:
the RADIUS servers or in the local user database:
Tunnel-Private-Group-ID — This attribute is described in RFC 2868,
RADIUS Attributes for Tunnel Protocol Support.
RADIUS Attributes for Tunnel Protocol Support.
VLAN-Name — This attribute is a 3Com vendor-specific attribute
(VSA).
(VSA).
You cannot configure the Tunnel-Private-Group-ID attribute in the local
user database.
user database.
Specify the VLAN name, not the VLAN number. The examples in this
chapter assume the VLAN is assigned on a RADIUS server with either of
the valid attributes. (For more information, see Chapter 21, “Configuring
AAA for Network Users,” on page 433.)
chapter assume the VLAN is assigned on a RADIUS server with either of
the valid attributes. (For more information, see Chapter 21, “Configuring
AAA for Network Users,” on page 433.)
VLAN Names
To create a VLAN, you must assign a name to it. VLAN names must be
globally unique across a Mobility Domain to ensure the intended user
connectivity as determined through authentication and authorization.
globally unique across a Mobility Domain to ensure the intended user
connectivity as determined through authentication and authorization.
Every VLAN on a WX switch has both a VLAN name, used for
authorization purposes, and a VLAN number. VLAN numbers can vary
uniquely for each WX switch and are not related to 802.1Q tag values.
authorization purposes, and a VLAN number. VLAN numbers can vary
uniquely for each WX switch and are not related to 802.1Q tag values.
You cannot use a number as the first character in a VLAN name.
Roaming and VLANs
WX switches in a Mobility Domain contain a user’s traffic within the VLAN
that the user is assigned to. For example, if you assign a user to VLAN red,
the WX switches in the Mobility Domain contain the user’s traffic within
VLAN red configured on the switches.
that the user is assigned to. For example, if you assign a user to VLAN red,
the WX switches in the Mobility Domain contain the user’s traffic within
VLAN red configured on the switches.
The WX switch through which a user is authenticated is not required to
be a member of the VLAN the user is assigned to. You are not required to
configure the VLAN on all WX switches in the Mobility Domain. When a
user roams to a switch that is not a member of the VLAN the user is
assigned to, the switch can tunnel traffic for the user through another
switch that is a member of the VLAN. The traffic can be of any protocol
type. (For more information about Mobility Domains, see Chapter 8,
“Configuring and Managing Mobility Domain Roaming,” on page 153.)
be a member of the VLAN the user is assigned to. You are not required to
configure the VLAN on all WX switches in the Mobility Domain. When a
user roams to a switch that is not a member of the VLAN the user is
assigned to, the switch can tunnel traffic for the user through another
switch that is a member of the VLAN. The traffic can be of any protocol
type. (For more information about Mobility Domains, see Chapter 8,
“Configuring and Managing Mobility Domain Roaming,” on page 153.)