Cisco Systems OL-6415-04 manual Viewing VLANs Configured on the Access Point

Chapter 8 Configuring VLANs

Configuring VLANs

new cipher suite. Currently, the WPA protocol does not allow the cipher suite to be changed after the initial 802.11 cipher negotiation phase. In this scenario, the client device is disassociated from the wireless LAN.

The VLAN-mapping process consists of these steps:

1.A client device associates to the access point using any SSID configured on the access point.

2.The client begins RADIUS authentication.

3.When the client authenticates successfully, the RADIUS server maps the client to a specific VLAN, regardless of the VLAN mapping defined for the SSID the client is using on the access point. If the server does not return any VLAN attribute for the client, the client is assigned to the VLAN specified by the SSID mapped locally on the access point.

These are the RADIUS user attributes used for vlan-id assignment. Each attribute must have a common tag value between 1 and 31 to identify the grouped relationship.

•IETF 64 (Tunnel Type): Set this attribute to VLAN

•IETF 65 (Tunnel Medium Type): Set this attribute to 802

•IETF 81 (Tunnel Private Group ID): Set this attribute to vlan-id

Viewing VLANs Configured on the Access Point

In privileged EXEC mode, use the show vlan command to view the VLANs that the access point supports. This is sample output from a show vlan command:

Virtual LAN ID: 1 (IEEE 802.1Q Encapsulation)

vLAN Trunk Interfaces: Dot11Radio0

FastEthernet0

Virtual-Dot11Radio0

This is configured as native Vlan for the following interface(s) :

Dot11Radio0

FastEthernet0

Virtual-Dot11Radio0

Virtual LAN ID: 2 (IEEE 802.1Q Encapsulation)

vLAN Trunk Interfaces: Dot11Radio0.2

FastEthernet0.2

Virtual-Dot11Radio0.2

Cisco Wireless ISR and HWIC Access Point Configuration Guide