Performing Advanced Configuration

server used depends on whether the authentication is done for an 802.1x client or non-802.1x client. The clients in VLAN 2 are authenticated using a different set of authentication servers configured for authenticating users in VLAN 2.

Authentication servers for each VLAN are configured as part of the configuration options for that VLAN. You can also configure authentication servers on a system-wide basis; these are called the default authentication servers. For each VLAN, you can either use the default authentication servers or configure separate authentication servers to be used for a particular authentication type in that VLAN.

RADIUS-based VLAN Assignment

The AP currently supports two methods of assigning a VLAN ID to a wireless client. The client can be assigned either the static VLAN ID configured for the SSID it is associated with, or a VLAN ID returned by the RADIUS server during authentication.

A RADIUS server can assign a VLAN ID to a wireless client only if the client is associated with an SSID that is configured for a RADIUS-based authentication security mode/protocol (802.1X, WPA, 802.11i/WPA2, and RADIUS-based MAC Address Authentication). If the wireless client is associated with an SSID that does not provide RADIUS-based authentication (such as None, WEP, WPA-PSK, and 802.11i/WPA2-PSK), then the wireless client is assigned the static VLAN ID configured for the respective SSID. See SSID/VLAN/Security for more information.
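The assignment rule described above, as an added Python example that is not taken from the Proxim documentation. It assumes the RADIUS server returns the VLAN ID in the RFC 3580 tunnel attributes and that the AP falls back to the SSID's static VLAN when no usable VLAN ID is returned; neither detail is stated on this page, and all function names are hypothetical.

```python
# Security modes as listed on the page.
RADIUS_MODES = {"802.1X", "WPA", "802.11i/WPA2", "RADIUS MAC Address Authentication"}
STATIC_ONLY_MODES = {"None", "WEP", "WPA-PSK", "802.11i/WPA2-PSK"}
# Attribute types (RFC 2868) and VLAN values (RFC 3580): assumed, not from the page.
TUNNEL_TYPE, TUNNEL_MEDIUM, TUNNEL_PGID = 64, 65, 81
TYPE_VLAN, MEDIUM_802 = 13, 6

def attr(t, v):
    """Encode one RADIUS attribute as type, length, value."""
    return bytes([t, len(v) + 2]) + v

def parse_attrs(buf):
    """Split the attribute section of a RADIUS packet into (type, value) pairs."""
    out, i = [], 0
    while i < len(buf):
        if i + 2 > len(buf) or buf[i + 1] < 2 or i + buf[i + 1] > len(buf):
            raise ValueError("malformed attribute at offset %d" % i)
        out.append((buf[i], buf[i + 2:i + buf[i + 1]]))
        i += buf[i + 1]
    return out

def radius_vlan(buf):
    """Return the VLAN ID carried in the tunnel attributes, or None if unusable."""
    a = dict(parse_attrs(buf))
    for t, want in ((TUNNEL_TYPE, TYPE_VLAN), (TUNNEL_MEDIUM, MEDIUM_802)):
        v = a.get(t, b"")  # 1 tag byte followed by a 3-byte value
        if len(v) != 4 or int.from_bytes(v[1:], "big") != want:
            return None
    pgid = a.get(TUNNEL_PGID, b"")
    if pgid and pgid[0] <= 0x1F:  # strip the optional tag byte
        pgid = pgid[1:]
    if not pgid.isdigit() or not 1 <= int(pgid) <= 4094:
        return None
    return int(pgid)

def effective_vlan(mode, static_vlan, accept_attrs=b""):
    """VLAN a client lands in; a RADIUS VLAN applies only on RADIUS-based modes."""
    if mode in STATIC_ONLY_MODES:
        return static_vlan  # the SSID's static VLAN always applies here
    if mode not in RADIUS_MODES:
        raise ValueError("unknown security mode: %r" % mode)
    vlan = radius_vlan(accept_attrs)
    return static_vlan if vlan is None else vlan  # fallback is an assumption

# Constructed sample: Access-Accept attributes placing the user in VLAN 20.
SAMPLE = (attr(TUNNEL_TYPE, b"\x00\x00\x00\x0d")
          + attr(TUNNEL_MEDIUM, b"\x00\x00\x00\x06") + attr(TUNNEL_PGID, b"20"))
```

Running `effective_vlan` over each configured SSID shows which ones can never receive a per-user VLAN, which is useful when segmentation depends on the RADIUS policy.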

RADIUS Servers Enforcing VLAN Access Control

A RADIUS server can be used to enforce VLAN access control in two ways:

Authorizing the SSID the client uses to connect to the AP. The SSID determines the VLAN to which the client is assigned.

Assigning the user to a VLAN by specifying the user's VLAN membership information.

Configuring RADIUS Profiles

A RADIUS server Profile consists of a Primary and a Secondary RADIUS server that get assigned to act as either MAC Authentication servers, 802.1x/EAP Authentication servers, or Accounting Servers in the VLAN Configuration. Refer to SSID/VLAN/Security.

The RADIUS Profiles tab allows you to add new RADIUS profiles or modify or delete existing profiles.

Figure 4-21 RADIUS Server Profiles

Proxim AP-2000 Configuring Radius Profiles, RADIUS-based Vlan Assignment, Radius Servers Enforcing Vlan Access Control