190CHAPTER 5: CONFIGURING WX SYSTEM AND ADMINISTRATIVE PARAMETERS

You do not need to configure VLANs on MAP access ports or wired authentication ports, because the VLAN membership of these types of ports is determined dynamically through the authentication and authorization process. Users who require authentication connect through WX ports that are configured for MAP access points or wired authentication access. Users are assigned to VLANs automatically through authentication and authorization mechanisms such as 802.1X.

By default, none of a WX switch’s ports are in VLANs. A WX switch cannot forward traffic on the network until you configure VLANs and add network ports to those VLANs.

VLANs, IP Subnets, Generally, VLANs are equivalent to IP subnets. If a WX is connected to the and IP Addressing network by only one IP subnet, the WX must have at least one VLAN

configured. Optionally, each VLAN can have its own IP address. However, no two IP addresses on the WX switch can belong to the same IP subnet.

You must assign the system IP address to one of the VLANs, to allow communications between WX switches and for unsolicited communications such as SNMP notifications (traps) and RADIUS accounting messages. Any IP address configured on a WX switch can be used for management access unless explicitly restricted.

Users and VLANs When a user successfully authenticates to the network, the user is assigned to a specific VLAN. A user remains associated with the same VLAN throughout the user’s session on the network, even when roaming from one WX switch to another within the Mobility Domain.

You assign a user to a VLAN by setting one of the following attributes on the RADIUS servers or in the local WX user database:

„Tunnel-Private-Group-ID— This attribute is described in RFC 2868, RADIUS Attributes for Tunnel Protocol Support.

„VLAN-Name— This attribute is a 3Com vendor-specific attribute (VSA).

You cannot configure the Tunnel-Private-Group-ID attribute in the local user database.

Specify the VLAN name, not the number. If both attributes are used, the

WX uses the VLAN name in the VLAN-Name attribute.

Page 190
Image 190
HP Manager Software manual Configuring WX System and Administrative Parameters