Cisco Systems OL-6415-04 Assigning Names to VLANs, Using a RADIUS Server to Assign Users to VLANs

8-7

Cisco Wireless ISR and HWIC Access Point Configuration Guide

OL-6415-04

Chapter 8 Configuring VLANs

Configuring VLANs

Assigning Names to VLANs

You can assign a name to a VLAN in addition to its numerical ID. VLAN names can contain up to 32

ASCII characters. The access point stores each VLAN name and ID pair in a table.

Keep these guidelines in mind when using VLAN names:

• The mapping of a VLAN name to a VLAN ID is local to each access point, so across your network,

you can assign the same VLAN name to a different VLAN ID.

Note If clients on your wireless LAN require seamless roaming, Cisco recommends that you assign

the same VLAN name to the same VLAN ID across all access points, or that you use only VLAN

IDs without names.

• Every VLAN configured on your access point must have an ID, but VLAN names are optional.

• VLAN names can contain up to 32 ASCII characters. However, a VLAN name cannot be a number

between 1 and 4095. For example, vlan4095 is a valid VLAN name, but 4095 is not. The access point

reserves the numbers 1 through 4095 for VLAN IDs.

Beginning in privileged EXEC mode, follow these steps to assign a name to a VLAN:

Command Purpose

Step 1 configure terminal Enter global configuration mode.

Step 2 dot11 vlan-name name vlan vlan-id Assign a VLAN name to a VLAN ID. The name can contain up

to 32 ASCII characters.

Step 3 end Return to privileged EXEC mode.

Step 4 copy running-config startup-config (Optional) Save your entries in the configuration file.

Use the no form of the command to remove the name from the VLAN. Use the show dot11 vlan-name

privileged EXEC command to list all the VLAN name and ID pairs configured on the access point.

Using a RADIUS Server to Assign Users to VLANs

You can configure your RADIUS authentication server to assign users or groups of users to a specific

VLAN when they authenticate to the network.

Note Unicast and multicast cipher suites advertised in WPA information element (and negotiated during

802.11 association) may potentially mismatch with the cipher suite supported in an explicitly assigned

VLAN. If the RADIUS server assigns a new vlan ID which uses a different cipher suite from the

previously negotiated cipher suite, there is no way for the access point and client to switch back to the