206 CHAPTER 6: CONFIGURING WX SYSTEM PARAMETERS
Viewing and Configuring VLANs
A virtual LAN (VLAN) is a Layer 2 broadcast domain that can span multiple
wired or wireless LAN segments. Each VLAN is a separate logical network,
and, if you configure IP interfaces on the VLANs, MSS treats each VLAN
as a separate IP subnet.
You configure VLANs on a WX switch’s network ports by configuring
them on the switch itself. You configure a VLAN by assigning a name and
network ports to the VLAN. Optionally, you can assign VLAN tag values
on individual network ports. You can configure multiple VLANs on a WX
switch’s network port. Optionally, each VLAN can have an IP address.
You do not need to configure VLANs on MAP access ports or wired
authentication ports, because the VLAN membership of these types of
ports is determined dynamically through the authentication and
authorization process. Users who require authentication connect through
WX ports that are configured for MAPs or wired authentication access.
Users are assigned to VLANs automatically through authentication and
authorization mechanisms such as 802.1X.
By default, none of a WX switch’s ports are in VLANs. A switch cannot
forward traffic on the network until you configure VLANs and add
network ports to those VLANs.
Users and VLANs
When a user successfully authenticates to the network, the user is
assigned to a specific VLAN. A user remains associated with the same
VLAN throughout the user’s session on the network, even when roaming
from one WX switch to another within the Mobility Domain.
You assign a user to a VLAN by setting one of the following attributes on
the RADIUS servers or in the local WX user database:
- Tunnel-Private-Group-ID—This attribute is described in RFC 2868,
  RADIUS Attributes for Tunnel Protocol Support.
- VLAN-Name—This attribute is a 3Com vendor-specific attribute (VSA).
You cannot configure the Tunnel-Private-Group-ID attribute in the local
user database.
Specify the VLAN name, not the number. If both attributes are used, the
WX uses the VLAN name in the VLAN-Name attribute.
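The attribute precedence described above, as an added example that is not part of the original guide or of MSS: it parses the attribute bytes of a RADIUS reply and resolves the VLAN the way the text states, so you can check what a server is actually sending before a user lands in the wrong VLAN. Assumptions: the VLAN-Name vendor sub-type value (1) must be confirmed against your 3Com RADIUS dictionary, the VLAN names are constructed samples, and rejecting an all-digit value is this example's way of enforcing "name, not number".

```python
import struct

TUNNEL_PRIVATE_GROUP_ID = 81   # RFC 2868
VENDOR_SPECIFIC = 26           # RFC 2865
VENDOR_3COM = 43               # IANA enterprise number for 3Com
VLAN_NAME_SUBTYPE = 1          # ASSUMPTION: confirm in your 3Com dictionary


def iter_attrs(buf):
    """Yield (type, value) per TLV; the length octet includes the 2-byte header."""
    i = 0
    while i < len(buf):
        if i + 2 > len(buf) or buf[i + 1] < 2 or i + buf[i + 1] > len(buf):
            raise ValueError("malformed attribute at offset %d" % i)
        yield buf[i], buf[i + 2:i + buf[i + 1]]
        i += buf[i + 1]


def resolve_vlan(attrs):
    """Return (vlan_name, source_attribute); VLAN-Name wins if both are present."""
    tunnel = vsa = None
    for typ, val in iter_attrs(attrs):
        if typ == TUNNEL_PRIVATE_GROUP_ID and val:
            # RFC 2868: a leading octet <= 0x1F is a tag, not part of the string.
            tunnel = (val[1:] if val[0] <= 0x1F else val).decode("ascii")
        elif typ == VENDOR_SPECIFIC and len(val) >= 6:
            vendor, sub, sublen = struct.unpack("!IBB", val[:6])
            if vendor == VENDOR_3COM and sub == VLAN_NAME_SUBTYPE:
                vsa = val[6:4 + sublen].decode("ascii")
    name, source = (vsa, "VLAN-Name") if vsa else (tunnel, "Tunnel-Private-Group-ID")
    if name is None:
        raise LookupError("no VLAN attribute in reply")
    if name.isdigit():
        raise ValueError("%s carries a number, expected a VLAN name" % source)
    return name, source


def tlv(typ, val):
    """Build one type-length-value attribute (helper for the samples below)."""
    return bytes([typ, len(val) + 2]) + val


def vsa_3com(sub, val):
    return tlv(VENDOR_SPECIFIC, struct.pack("!I", VENDOR_3COM) + tlv(sub, val))


# Constructed sample reply attributes (VLAN names are made up).
BOTH = tlv(81, b"\x01guest") + vsa_3com(VLAN_NAME_SUBTYPE, b"engineering")
TUNNEL_ONLY = tlv(81, b"guest")
NUMERIC = tlv(81, b"20")
```
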