3 configuring management vlan example, Table 70 radius vlan – ZyXEL Communications ZyXEL ZyAIR NWA-3500 User Manual

Chapter 16 VLAN

ZyXEL NWA-3500 User’s Guide

191

The following table describes the labels in this screen.

16.2.3 Configuring Management VLAN Example

This section shows you how to create a VLAN on an Ethernet switch.
By default, the port on the ZyXEL Device is a member of the management VLAN (VLAN ID
1). The following procedure shows you how to configure a tagged VLAN.

Note: Use the out-of-band management port or console port to configure the switch if

you misconfigure the management VLAN and lock yourself out from performing
in-band management.

On an Ethernet switch, create a VLAN that has the same management VLAN ID as the
ZyXEL Device. The following figure has the ZyXEL Device connected to port 2 of the switch
and your computer connected to port 1. The management VLAN ID is ten.

Table 70 RADIUS VLAN

LABEL

DESCRIPTION

Block station if

RADIUS server assign

VLAN name error!

Select this to have the ZyXEL Device forbid access to wireless clients when

the VLAN attributes sent from the RADIUS server do not match a configured

Name field.
When you select this check box, only users with names configured in this

screen can access the network through the ZyXEL Device.

VLAN Mapping Table

Use this table to map names to VLAN IDs so that the RADIUS server can

assign each user or user group a mapped VLAN ID. See your RADIUS server

documentation for more information on configuring VLAN ID attributes.
See

Section 16.2.4 on page 194

for more information.

Index

Select a check box to enable the VLAN mapping profile.

ID

Type a VLAN ID. Incoming traffic from the WLAN is authorized and assigned

a VLAN ID before it is sent to the LAN.

Name

Type a name to have the ZyXEL Device check for specific VLAN attributes on

incoming messages from the RADIUS server. Access-accept packets sent by

the RADIUS server contain VLAN related attributes. The configured Name

fields are checked against these attributes. If a configured Name field matches

these attributes, the corresponding VLAN ID is added to packets sent from this

user to the LAN.
If the VLAN-related attributes sent by the RADIUS server do not match a

configured Name field, a wireless station is assigned the wireless VLAN ID

associated with its SSID (unless the Block station if RADIUS server assign

VLAN error! check box is selected).

Apply

Click Apply to save your changes to the ZyXEL Device.

Reset

Click Reset to begin configuring this screen afresh.