ZyXEL Communications NWA3160 User Manual
Chapter 18 VLAN
ZyXEL NWA-3160 Series User’s Guide
214
18.2.4 Configuring Microsoft’s IAS Server Example
Dynamic VLAN assignment can be used with the ZyXEL Device. Dynamic VLAN
assignment allows network administrators to assign a specific VLAN (configured on the
ZyXEL Device) to an individual’s Windows User Account. When a wireless station is
successfully authenticated to the network, it is automatically placed into it’s respective VLAN.
ZyXEL uses the following standard RADIUS attributes returned from Microsoft’s IAS
RADIUS service to place the wireless station into the correct VLAN:
assignment allows network administrators to assign a specific VLAN (configured on the
ZyXEL Device) to an individual’s Windows User Account. When a wireless station is
successfully authenticated to the network, it is automatically placed into it’s respective VLAN.
ZyXEL uses the following standard RADIUS attributes returned from Microsoft’s IAS
RADIUS service to place the wireless station into the correct VLAN:
The following occurs under Dynamic VLAN Assignment:
1 When you configure your wireless credentials, the ZyXEL Device sends the information
to the IAS server using RADIUS protocol.
2 Authentication by the RADIUS server is successful.
3 The RADIUS server sends three attributes related to this feature.
4 The ZyXEL Device compares these attributes with the VLAN screen mapping table.
3 The RADIUS server sends three attributes related to this feature.
4 The ZyXEL Device compares these attributes with the VLAN screen mapping table.
4a If the Name, for example “VLAN 20” is found, the mapped VLAN ID is used.
4b If the Name is not found in the mapping table, the string in the Tunnel-Private-
4b If the Name is not found in the mapping table, the string in the Tunnel-Private-
Group-ID attribute is considered as a number ID format, for example 2493. The
range of the number ID (Name:string) is between 1 and 4094.
range of the number ID (Name:string) is between 1 and 4094.
4c If a or b are not matched, the ZyXEL Device uses the VLAN ID configured in the
WIRELESS VLAN screen and the wireless station. This VLAN ID is independent
and hence different to the ID in the VLAN screen.
and hence different to the ID in the VLAN screen.
18.2.4.1 Configuring VLAN Groups
To configure a VLAN group you must first define the VLAN Groups on the Active Directory
server and assign the user accounts to each VLAN Group.
server and assign the user accounts to each VLAN Group.
1 Using the Active Directory Users and Computers administrative tool, create the VLAN
Groups that will be used for each VLAN ID. One VLAN Group must be created for each
VLAN defined on the ZyXEL Device. The VLAN Groups must be created as Global/
Security groups.
VLAN defined on the ZyXEL Device. The VLAN Groups must be created as Global/
Security groups.
• Type a name for the VLAN Group that describes the VLAN Group’s function.
• Select the Global Group scope parameter check box.
• Select the Security Group type parameter check box.
• Click OK.
• Select the Global Group scope parameter check box.
• Select the Security Group type parameter check box.
• Click OK.
Table 86 Standard RADIUS Attributes
ATTRIBUTE NAME
TYPE
VALUE
Tunnel-Type
064
13 (decimal) – VLAN
Tunnel-Medium-Type
065
6 (decimal) – 802
Tunnel-Private-Group-ID 081
<vlan-name> (string) – either the Name you enter in the ZyXEL
Device’s VLAN > RADIUS VLAN screen or the number. See