Viewing vlans configured on the access point – Rockwell Automation 1783-WAPxxx Stratix 5100 Wireless Access Point User Manual User Manual

Rockwell Automation Publication 1783-UM006A-EN-P - May 2014

449

Configuring VLANs

Chapter 15

3. When the client authenticates successfully, the RADIUS server maps the

client to a specific VLAN, regardless of the VLAN mapping defined for
the SSID the client is using on the access point. If the server does not
return any VLAN attribute for the client, the client is assigned to the
VLAN specified by the SSID mapped locally on the access point.

These are the RADIUS user attributes used for vlan-id assignment. Each
attribute must have a common tag value between 1…31 to identify the grouped
relationship.

• IETF 64 (Tunnel Type): Set this attribute to VLAN.

• IETF 65 (Tunnel Medium Type): Set this attribute to 802.

• IETF 81 (Tunnel Private Group ID): Set this attribute to vlan-id.

Using a RADIUS Server for Dynamic Mobility Group Assignment

You can configure a RADIUS server to dynamically assign mobility groups to
users or user groups. This eliminates the need to configure multiple SSIDs on the
access point. Instead, you need to configure only one SSID per access point.

When users associate to the SSID, the access point passes their login information
to WLSM, that passes the information to the RADIUS server. Based on the login
information, the RADIUS server assigns the users to the appropriate mobility
group and sends their credentials back.

To enable dynamic mobility group assignment, you need to configure the
following attributes on the RADIUS server:

• Tunnel-Type (64)

• Tunnel-Medium-Type (65)

• Tunnel-Private-Group-ID (81)

Viewing VLANs Configured on the Access Point

In privileged EXEC mode, use the

show vlan

command to view the VLANs

that the access point supports. This is sample output from a

show vlan

command:

Virtual LAN ID: 1 (IEEE 802.1Q Encapsulation)

vLAN Trunk Interfaces: Dot11Radio0

FastEthernet0

Virtual-Dot11Radio0