Nortel 2350 Reference Guide

Configuring WSS System Parameters 197
Nortel WLAN—Management Software 2300 Series Reference Guide
You configure VLANs on a WSS’s network ports by configuring them on the switch itself. You configure a VLAN by 
assigning a name and network ports to the VLAN. Optionally, you can assign VLAN tag values on individual network 
ports. You can configure multiple VLANs on a WSS’s network port. Optionally, each VLAN can have an IP address. 
You do not need to configure VLANs on AP access ports or wired authentication ports, because the VLAN membership 
of these types of ports is determined dynamically through the authentication and authorization process. Users who 
require authentication connect through WSS ports that are configured for APs or wired authentication access. Users are 
assigned to VLANs automatically through authentication and authorization mechanisms such as 802.1X. 
By default, none of a WSS switch’s ports are in VLANs. A switch cannot forward traffic on the network until you 
configure VLANs and add network ports to those VLANs.
Users and VLANs
When a user successfully authenticates to the network, the user is assigned to a specific VLAN. A user remains associated 
with the same VLAN throughout the user’s session on the network, even when roaming from one WSS to another 
within the Mobility Domain. 
You assign a user to a VLAN by setting one of the following attributes on the RADIUS servers or in the local WSS user 
database:
Tunnel-Private-Group-ID—This attribute is described in RFC 2868, RADIUS Attributes for Tunnel Protocol Support.
VLAN-Name—This attribute is a Nortel vendor-specific attribute (VSA).
Specify the VLAN name, not the number. If both attributes are used, the WSS uses the VLAN name in the VLAN-Name 
attribute. 
Roaming and VLANs
WSS switches in a Mobility Domain contain a user’s traffic within the VLAN the user is assigned to. For example, if 
you assign a user to VLAN red, the WSS switches in the Mobility Domain contain the user’s traffic within VLAN red 
configured on the switches.
The WSS through which a user is authenticated must be a member of the Mobility Domain the user is assigned to. 
However, you are not required to configure the VLAN on all WSS switches in the Mobility Domain. When a user roams 
to a switch that is not a member of the VLAN the user is assigned to, the switch can tunnel traffic for the user through 
another switch that is a member of the VLAN. (For more information about Mobility Domains, see 
.) 
Note. You cannot configure the Tunnel-Private-Group-ID attribute in the local user database.
Note. Because the default VLAN might not be in the same subnet on each switch, Nortel recommends that you do not rename the default VLAN or use it for user traffic. Instead, configure other VLANs for user traffic.
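
The following audit sketch is an added example, not part of the Nortel guide. It checks user records against the assignment rules in "Users and VLANs" and the notes above, and models the tunneling decision from "Roaming and VLANs". The record layout, the switch names, the default VLAN name "default" and all sample data are assumptions made for illustration.

```python
# Added example: audit user records against the VLAN-assignment rules above.
# Record layout, field names and sample data are assumptions for illustration.
DEFAULT_VLAN = "default"          # assumed name of the default VLAN
TPGID, VSA = "Tunnel-Private-Group-ID", "VLAN-Name"

def audit_user(record):
    """Return (effective_vlan, findings) for one user record."""
    attrs = dict(record["attrs"])
    findings = []
    # Tunnel-Private-Group-ID cannot be configured in the local user database.
    if record["source"] == "local" and TPGID in attrs:
        findings.append(f"{TPGID} cannot be configured in the local user database")
        del attrs[TPGID]
    # When both attributes are present, the WSS uses VLAN-Name.
    if VSA in attrs and TPGID in attrs and attrs[VSA] != attrs[TPGID]:
        findings.append(f"{VSA}={attrs[VSA]!r} overrides {TPGID}={attrs[TPGID]!r}")
    vlan = attrs.get(VSA) or attrs.get(TPGID)
    if vlan is None:
        findings.append("no VLAN attribute set")
    elif vlan.isdigit():
        findings.append(f"{vlan!r} is a VLAN number; the attribute must carry the VLAN name")
    elif vlan == DEFAULT_VLAN:
        findings.append("default VLAN should not carry user traffic")
    return vlan, findings

def forwarding_path(vlan, switch, members):
    """How a switch handles a roaming user's traffic for the assigned VLAN.
    members maps each WSS in the Mobility Domain to its configured VLAN names."""
    if vlan in members.get(switch, ()):
        return "local"
    for other in sorted(members):
        if other != switch and vlan in members[other]:
            return f"tunnel via {other}"
    return None  # no switch in the Mobility Domain carries this VLAN

# Constructed sample data (not taken from a real deployment).
USERS = [
    {"name": "alice", "source": "radius", "attrs": {VSA: "red", TPGID: "blue"}},
    {"name": "bob", "source": "local", "attrs": {TPGID: "red"}},
    {"name": "carol", "source": "radius", "attrs": {TPGID: "20"}},
    {"name": "dave", "source": "radius", "attrs": {VSA: "default"}},
]
MEMBERS = {"wss-1": {"red", "blue"}, "wss-2": {"blue"}}

if __name__ == "__main__":
    for u in USERS:
        vlan, findings = audit_user(u)
        print(u["name"], vlan, forwarding_path(vlan, "wss-2", MEMBERS), findings)
```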