Advanced configuration 6-27 – SMC Networks ElliteConnect 2.4GHz/5GHz User Manual

Advanced Configuration

6-27

traffic that has an unknown VLAN ID or no VLAN tag is dropped.
When VLAN support is disabled, the wireless bridge does not tag
traffic passing to the wired network and ignores the VLAN tags on
any received frames.

Note: Before enabling VLANs on the

wireless bridge

, you must configure

the connected LAN switch port to accept tagged VLAN packets
with the

wireless bridge

’s native VLAN ID. Otherwise, connectivity

to the

wireless bridge

will be lost when you enable the VLAN

feature.

Up to 64 VLAN IDs can be mapped to specific wireless clients,
allowing users to remain within the same VLAN as they move
around a campus site. This feature can also be used to control
access to network resources from wireless clients, thereby
improving security.

A VLAN ID (1-4094) is assigned to a client after successful
authentication using IEEE 802.1X and a central RADIUS server.
The user VLAN IDs must be configured on the RADIUS server for
each user authorized to access the network. If a user does not
have a configured VLAN ID, the access point assigns the user to
its own configured native VLAN ID.

When setting up VLAN IDs for each user on the RADIUS server,
be sure to use the RADIUS attributes and values as indicated in
the following table.

Number

RADIUS Attribute

Value

64

Tunnel-Type

VLAN (13)

65

Tunnel-Medium-Type

802

81 Tunnel-Private-Group

VLANID
(1 to 4094 in
hexadecimal)