Rockwell Automation 1783-WAPxxx Stratix 5100 Wireless Access Point User Manual User Manual

296

Rockwell Automation Publication 1783-UM006A-EN-P - May 2014

Chapter 8

Configuring Multiple SSIDs

When a client associates and the RADIUS server determines that it is unhealthy,
the server returns one of the quarantine NAC VLANs in its RADIUS
authentication response for

dot1x

authentication. This VLAN must be one of

the configured back-up VLANs under the client SSID. If the VLAN is not one of
the configured back-up VLANs, the client is disassociated.

Data corresponding to the all the back-up VLANs are sent and received by using
the BSSID that is assigned to the SSID. Therefore, all clients (healthy and
unhealthy) listening to the BSSID corresponding the SSID wake up. Based on
the multicast key being used corresponding to the VLAN (healthy or unhealthy),
packet decrypting takes place on the client. Wired side traffic is segregated
because different VLANs are used, thereby ensuring that traffic from infected
and uninfected clients don’t mix.

A new keyword,

backup

, is added to the existing

vlan <name> | <id>

under dot11 ssid <ssid>

as described below:

vlan <name>|<id> [backup <name>|<id>, <name>|<id>,

<name>|<id>