3com 3CRWX120695A WXR100 用户手册
206
C
HAPTER
6: C
ONFIGURING
WX S
YSTEM
P
ARAMETERS
Viewing and
Configuring VLANs
Configuring VLANs
A virtual LAN (VLAN) is a Layer 2 broadcast domain that can span multiple
wired or wireless LAN segments. Each VLAN is a separate logical network,
and, if you configure IP interfaces on the VLANs, MSS treats each VLAN
as a separate IP subnet.
wired or wireless LAN segments. Each VLAN is a separate logical network,
and, if you configure IP interfaces on the VLANs, MSS treats each VLAN
as a separate IP subnet.
You configure VLANs on a WX switch’s network ports by configuring
them on the switch itself. You configure a VLAN by assigning a name and
network ports to the VLAN. Optionally, you can assign VLAN tag values
on individual network ports. You can configure multiple VLANs on a WX
switch’s network port. Optionally, each VLAN can have an IP address.
them on the switch itself. You configure a VLAN by assigning a name and
network ports to the VLAN. Optionally, you can assign VLAN tag values
on individual network ports. You can configure multiple VLANs on a WX
switch’s network port. Optionally, each VLAN can have an IP address.
You do not need to configure VLANs on MAP access ports or wired
authentication ports, because the VLAN membership of these types of
ports is determined dynamically through the authentication and
authorization process. Users who require authentication connect through
WX ports that are configured for MAPs or wired authentication access.
Users are assigned to VLANs automatically through authentication and
authorization mechanisms such as 802.1X.
authentication ports, because the VLAN membership of these types of
ports is determined dynamically through the authentication and
authorization process. Users who require authentication connect through
WX ports that are configured for MAPs or wired authentication access.
Users are assigned to VLANs automatically through authentication and
authorization mechanisms such as 802.1X.
By default, none of a WX switch’s ports are in VLANs. A switch cannot
forward traffic on the network until you configure VLANs and add
network ports to those VLANs.
forward traffic on the network until you configure VLANs and add
network ports to those VLANs.
Users and VLANs
When a user successfully authenticates to the network, the user is
assigned to a specific VLAN. A user remains associated with the same
VLAN throughout the user’s session on the network, even when roaming
from one WX switch to another within the Mobility Domain.
assigned to a specific VLAN. A user remains associated with the same
VLAN throughout the user’s session on the network, even when roaming
from one WX switch to another within the Mobility Domain.
You assign a user to a VLAN by setting one of the following attributes on
the RADIUS servers or in the local WX user database:
the RADIUS servers or in the local WX user database:
Tunnel-Private-Group-ID—This attribute is described in RFC 2868,
RADIUS Attributes for Tunnel Protocol Support.
RADIUS Attributes for Tunnel Protocol Support.
VLAN-Name—This attribute is a 3Com vendor-specific attribute (VSA).
You cannot configure the Tunnel-Private-Group-ID attribute in the local
user database.
user database.
Specify the VLAN name, not the number. If both attributes are used, the
WX uses the VLAN name in the VLAN-Name attribute.
WX uses the VLAN name in the VLAN-Name attribute.