Chapter 16 VLAN

The following table describes the labels in this screen.

Table 71 RADIUS VLAN

LABEL

DESCRIPTION

Block station if

Select this to have the ZyXEL Device forbid access to wireless clients when

RADIUS server assign

the VLAN attributes sent from the RADIUS server do not match a configured

VLAN name error!

Name field.

 

When you select this check box, only users with names configured in this

 

screen can access the network through the ZyXEL Device.

 

 

VLAN Mapping Table

Use this table to map names to VLAN IDs so that the RADIUS server can

 

assign each user or user group a mapped VLAN ID. See your RADIUS server

 

documentation for more information on configuring VLAN ID attributes.

 

See Section 16.2.4 on page 188 for more information.

 

 

Index

Select a check box to enable the VLAN mapping profile.

 

 

ID

Type a VLAN ID. Incoming traffic from the WLAN is authorized and assigned

 

a VLAN ID before it is sent to the LAN.

 

 

Name

Type a name to have the ZyXEL Device check for specific VLAN attributes on

 

incoming messages from the RADIUS server. Access-accept packets sent by

 

the RADIUS server contain VLAN related attributes. The configured Name

 

fields are checked against these attributes. If a configured Name field

 

matches these attributes, the corresponding VLAN ID is added to packets

 

sent from this user to the LAN.

 

If the VLAN-related attributes sent by the RADIUS server do not match a

 

configured Name field, a wireless station is assigned the wireless VLAN ID

 

associated with its SSID (unless the Block station if RADIUS server assign

 

VLAN error! check box is selected).

 

 

Apply

Click Apply to save your changes to the ZyXEL Device.

 

 

Reset

Click Reset to begin configuring this screen afresh.

 

 

16.2.3 Configuring Management VLAN Example

This section shows you how to create a VLAN on an Ethernet switch.

By default, the port on the ZyXEL Device is a member of the management VLAN (VLAN ID 1). The following procedure shows you how to configure a tagged VLAN.

"Use the out-of-band management port or console port to configure the switch if you misconfigure the management VLAN and lock yourself out from performing in-band management.

On an Ethernet switch, create a VLAN that has the same management VLAN ID as the ZyXEL Device. The following figure has the ZyXEL Device connected to port 2 of the switch and your computer connected to port 1. The management VLAN ID is ten.

 

185

ZyXEL NWA-3160 Series User’s Guide