Using a RADIUS Server to Assign Users to VLANs – Rockwell Automation 1783-WAPxxx Stratix 5100 Wireless Access Point User Manual


Rockwell Automation Publication 1783-UM006A-EN-P - May 2014

Chapter 15

Configuring VLANs

VLAN names can contain up to 32 ASCII characters. However, a VLAN name cannot be a number between 1…4095. For example, vlan4095 is a valid VLAN name, but 4095 is not. The access point reserves the numbers 1…4095 for VLAN IDs.

Creating a VLAN Name

Beginning in privileged EXEC mode, follow these steps to assign a name to a
VLAN:

1. Enter global configuration mode.

configure terminal

2. Assign a VLAN name to a VLAN ID. The name can contain up to 32 ASCII characters.

dot11 vlan-name name vlan vlan-id

3. Return to privileged EXEC mode.

end

4. (Optional) Save your entries in the configuration file.

copy running-config startup-config

Use the no form of the command to remove the name from the VLAN. Use the show dot11 vlan-name privileged EXEC command to list all the VLAN name and ID pairs configured on the access point.
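The naming rules above can be checked offline against a saved configuration. The following Python script is an added example, not part of the Rockwell Automation manual: the function names and the sample configuration lines are constructed for illustration, and treating zero-padded names such as 0042 as numbers is an assumption.

```python
import re

# Syntax from the manual: dot11 vlan-name <name> vlan <vlan-id>
VLAN_NAME_RE = re.compile(r"^\s*dot11 vlan-name (\S+) vlan (\d+)\s*$")

def check_vlan_name(name):
    """Return a list of rule violations for one VLAN name (empty if valid)."""
    problems = []
    if not name.isascii():
        problems.append("contains non-ASCII characters")
    if len(name) > 32:
        problems.append("longer than 32 characters")
    # Numbers 1-4095 are reserved for VLAN IDs. Treating zero-padded
    # forms such as "0042" as numbers is an assumption of this example.
    if name.isascii() and name.isdigit() and 1 <= int(name) <= 4095:
        problems.append("is a number in the reserved range 1-4095")
    return problems

def audit_config(text):
    """Check every dot11 vlan-name line; return (line_no, name, problem) tuples."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = VLAN_NAME_RE.match(line)
        if not m:
            continue  # not a VLAN name mapping
        name, vlan_id = m.group(1), int(m.group(2))
        for problem in check_vlan_name(name):
            findings.append((line_no, name, problem))
        if not 1 <= vlan_id <= 4095:
            findings.append((line_no, name, f"VLAN ID {vlan_id} outside 1-4095"))
    return findings

# Constructed sample input, not taken from a real device.
SAMPLE_CONFIG = """\
dot11 vlan-name vlan4095 vlan 4095
dot11 vlan-name 4095 vlan 10
dot11 vlan-name engineering vlan 20
dot11 vlan-name a-very-long-vlan-name-exceeding-the-limit vlan 40
dot11 vlan-name caf\u00e9 vlan 50
dot11 vlan-name guests vlan 5000
"""

if __name__ == "__main__":
    for line_no, name, problem in audit_config(SAMPLE_CONFIG):
        print(f"line {line_no}: {name!r} {problem}")
```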

Using a RADIUS Server to Assign Users to VLANs

You can configure your RADIUS authentication server to assign users or groups
of users to a specific VLAN when they authenticate to the network.

The unicast and multicast cipher suites advertised in the WPA information element (and
negotiated during 802.11 association) can potentially mismatch with the cipher
suite supported in an explicitly assigned VLAN. If the RADIUS server assigns a
new VLAN ID that uses a different cipher suite from the previously negotiated
cipher suite, there is no way for the access point and client to switch to the
new cipher suite. Currently, the WPA and CCKM protocols do not allow the
cipher suite to be changed after the initial 802.11 cipher negotiation phase. In
this scenario, the client device is disassociated from the wireless LAN.

The VLAN-mapping process consists of these steps:

1. A client device associates to the access point by using any SSID configured on the access point.

2. The client begins RADIUS authentication.
