Filter
Top Products
8-8
Cisco Wireless ISR and HWIC Access Point Configuration Guide
OL-6415-04
Chapter 8 Configuring VLANs
Configuring VLANs
new cipher suite. Currently, the WPA protocol does not allow the cipher suite to be changed after the
initial 802.11 cipher negotiation phase. In this scenario, the client device is disassociated from the
wireless LAN.
The VLAN-mapping process consists of these steps:
1. A client device associates to the access point using any SSID configured on the access point.
2. The client begins RADIUS authentication.
3. When the client authenticates successfully, the RADIUS server maps the client to a specific VLAN,
regardless of the VLAN mapping defined for the SSID the client is using on the access point. If the
server does not return any VLAN attribute for the client, the client is assigned to the VLAN specified
by the SSID mapped locally on the access point.
These are the RADIUS user attributes used for vlan-id assignment. Each attribute must have a common
tag value between 1 and 31 to identify the grouped relationship.
• IETF 64 (Tunnel Type): Set this attribute to VLAN
• IETF 65 (Tunnel Medium Type): Set this attribute to 802
• IETF 81 (Tunnel Private Group ID): Set this attribute to vlan-id
Viewing VLANs Configured on the Access Point
In privileged EXEC mode, use the show vlan command to view the VLANs that the access point
supports. This is sample output from a show vlan command:
Virtual LAN ID: 1 (IEEE 802.1Q Encapsulation)
vLAN Trunk Interfaces: Dot11Radio0
FastEthernet0
Virtual-Dot11Radio0
This is configured as native Vlan for the following interface(s) :
Dot11Radio0
FastEthernet0
Virtual-Dot11Radio0
Protocols Configured: Address: Received: Transmitted:
Bridging Bridge Group 1 201688 0
Bridging Bridge Group 1 201688 0
Bridging Bridge Group 1 201688 0
Virtual LAN ID: 2 (IEEE 802.1Q Encapsulation)
vLAN Trunk Interfaces: Dot11Radio0.2
FastEthernet0.2
Virtual-Dot11Radio0.2
Protocols Configured: Address: Received: Transmitted: