
VLAN, 6-19 – SMC Networks SMC2552W-G2-17 User Manual


Advanced Configuration


VLAN

The access point can use VLAN tagging to control access to network
resources and increase security. VLANs separate traffic passing between the
access point, associated clients, and the wired network. There can be a VLAN
assigned to each associated client, a default VLAN for each VAP (Virtual Access
Point) interface, and a management VLAN for the access point.

Note the following points about the access point’s VLAN support:

• The management VLAN is for managing the access point through remote
management tools, such as the web interface, SSH, SNMP, or Telnet. The access
point only accepts management traffic that is tagged with the specified
management VLAN ID.

• All wireless clients associated to the access point are assigned to a VLAN. If IEEE
802.1X is being used to authenticate wireless clients, specific VLAN IDs can be
configured on the RADIUS server to be assigned to each client. If a client is not
assigned to a specific VLAN or if 802.1X is not used, the client is assigned to the
default VLAN for the VAP interface with which it is associated. The access point
only allows traffic tagged with assigned VLAN IDs or default VLAN IDs to access
clients associated on each VAP interface.

• When VLAN support is enabled on the access point, traffic passed to the wired
network is tagged with the appropriate VLAN ID, either an assigned client VLAN
ID, default VLAN ID, or the management VLAN ID. Traffic received from the wired
network must also be tagged with one of these known VLAN IDs. Received traffic
that has an unknown VLAN ID or no VLAN tag is dropped.

• When VLAN support is disabled, the access point does not tag traffic passed to the
wired network and ignores the VLAN tags on any received frames.

Note: Before enabling VLAN tagging on the access point, be sure to configure the
attached network switch port to support tagged VLAN frames from the access
point’s management VLAN ID, default VLAN IDs, and other client VLAN IDs.
Otherwise, connectivity to the access point will be lost when you enable the VLAN
feature.
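
The wired-side receive rule and the switch-port requirement described above can be modelled as follows. This is an added example, not code from the manual or from SMC; the function names, VLAN IDs and frames are constructed for illustration, and the model is a simplification of the behaviour the text describes.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an IEEE 802.1Q tag


def build_frame(vid=None):
    """Build a constructed Ethernet frame; tagged with `vid` if given."""
    dst, src = b"\x02\x00\x00\x00\x00\x01", b"\x02\x00\x00\x00\x00\x02"
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)
    return dst + src + tag + struct.pack("!H", 0x0800) + b"\x00" * 46


def parse_vlan_id(frame):
    """Return the 802.1Q VLAN ID of a frame, or None if it is untagged."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # low 12 bits of the tag control field


def known_vlans(mgmt_vlan, default_vlans, client_vlans):
    """VLAN IDs the AP knows; the switch port must carry all of them tagged."""
    return {mgmt_vlan} | set(default_vlans) | set(client_vlans)


def ap_accepts(frame, vlan_enabled, mgmt_vlan, default_vlans, client_vlans):
    """Model of the wired-side receive rule: returns (accepted, reason)."""
    if not vlan_enabled:
        return True, "VLAN support disabled, tags ignored"
    vid = parse_vlan_id(frame)
    if vid is None:
        return False, "untagged frame dropped"
    if vid in known_vlans(mgmt_vlan, default_vlans, client_vlans):
        return True, f"VLAN {vid} is known"
    return False, f"unknown VLAN {vid} dropped"


if __name__ == "__main__":
    cfg = dict(mgmt_vlan=10, default_vlans=[20, 30], client_vlans=[101])  # constructed
    for vid in (None, 10, 20, 101, 999):
        print(vid, ap_accepts(build_frame(vid), True, **cfg))
    print("untagged, VLAN off:", ap_accepts(build_frame(), False, **cfg))
```

Comparing the set returned by known_vlans() with the tagged VLANs allowed on the attached switch port, before enabling the feature, shows which IDs would be dropped and whether the management VLAN would become unreachable.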

Using IEEE 802.1X and a central RADIUS server, up to 64 VLAN IDs can be
mapped to specific wireless clients, allowing users to remain within the same VLAN
as they move around a campus site. This feature can also be used to control access
to network resources from clients, thereby improving security.

A VLAN ID (1-4094) can be assigned to a client after successful IEEE 802.1X
authentication. The client VLAN IDs must be configured on the RADIUS server for
each user authorized to access the network. If a client does not have a configured
VLAN ID on the RADIUS server, the access point assigns the client to the
configured default VLAN ID for the VAP interface.

Note: When using IEEE 802.1X to dynamically assign VLAN IDs, the access point must
have 802.1X authentication enabled and a RADIUS server configured. Wireless
clients must also have 802.1X client software.
