Advanced Configuration
BreezeMAX Wi² and BreezeACCESS Wi² System Manual 65
When VLAN support is disabled, the AP does not tag traffic passed to the wired
network and ignores the VLAN tags on any received frames.
Using IEEE 802.1X and a central RADIUS server, up to 64 VLAN IDs can be
mapped to specific wireless clients, allowing users to remain within the same
VLAN as they move around a campus site. This feature can also be used to control
access to network resources from clients, thereby improving security.
A VLAN ID (1-4094) can be assigned to a client after successful IEEE 802.1X
authentication. The client VLAN IDs must be configured on the RADIUS server for
each user authorized to access the network. If a client does not have a configured
VLAN ID on the RADIUS server, the AP assigns the client to the configured default
VLAN ID for the VAP interface.
When setting up VLAN IDs for each user on the RADIUS server, be sure to use the
RADIUS attributes and values as indicated Table 4-2.
VLAN IDs on the RADIUS server can be entered as hexadecimal digits or a string
(see “radius-server vlan-format” on page 193).
NOTE
Before enabling VLAN tagging on the AP, be sure to configure the backhaul system to support
tagged VLAN frames from the AP’s management VLAN ID, default VLAN IDs, and other client
VLAN IDs. Otherwise, connectivity to the AP will be lost when you enable the VLAN feature.
NOTE
When using IEEE 802.1X to dynamically assign VLAN IDs, the AP must have 802.1X authentication
enabled and a RADIUS server configured. Wireless clients must also support 802.1X client
software.
Table 4-2: RADIUS Attributes
Number RADIUS Attribute Value
64 Tunnel-Type VLAN (13)
65 Tunnel-Medium-Type 802
81 Tunnel-Private-Group-ID VLANID
(1 to 4094 as hexadecimal or string)
NOTE
The specific configuration of RADIUS server software is beyond the scope of this manual. Refer to
the documentation provided with the RADIUS server software.