Chapter 20 VLAN

ZyXEL uses the following standard RADIUS attributes returned from Microsoft’s IAS RADIUS service to place the wireless station into the correct VLAN:

Table 79 Standard RADIUS Attributes

ATTRIBUTE NAME

TYPE

VALUE

 

 

 

Tunnel-Type

064

13 (decimal) – VLAN

 

 

 

Tunnel-Medium-Type

065

6 (decimal) – 802

 

 

 

Tunnel-Private-

081

<vlan-name> (string) – either the Name you enter in

Group-ID

 

the NWA’s VLAN > RADIUS VLAN screen or the

 

 

number. See Figure 155 on page 261.

 

 

 

The following occurs under Dynamic VLAN Assignment:

1When you configure your wireless credentials, the NWA sends the information to the IAS server using RADIUS protocol.

2Authentication by the RADIUS server is successful.

3The RADIUS server sends three attributes related to this feature.

4The NWA compares these attributes with the VLAN screen mapping table.

4a If the Name, for example “VLAN 20” is found, the mapped VLAN ID is used.

4b If the Name is not found in the mapping table, the string in the Tunnel- Private-Group-IDattribute is considered as a number ID format, for example 2493. The range of the number ID (Name:string) is between 1 and 4094.

4c If a or b are not matched, the NWA uses the VLAN ID configured in the WIRELESS VLAN screen and the wireless station. This VLAN ID is independent and hence different to the ID in the VLAN screen.

20.3.3.1 Configuring VLAN Groups

To configure a VLAN group you must first define the VLAN Groups on the Active Directory server and assign the user accounts to each VLAN Group.

1Using the Active Directory Users and Computers administrative tool, create the VLAN Groups that will be used for each VLAN ID. One VLAN Group must be created for each VLAN defined on the NWA. The VLAN Groups must be created as Global/Security groups.

1a Type a name for the VLAN Group that describes the VLAN Group’s function.

1b Select the Global Group scope parameter check box.

254

 

NWA-3500/NWA-3550 User’s Guide