NETGEAR WFS709TP-100NAS Switch User Manual


 
WFS709TP ProSafe Smart Wireless Switch Software Administration Manual
Overview of the WFS709TP 1-13
v1.0, June 2007
4. The VLAN is derived from attributes returned by the authentication server (server-derived
rule). Within a set of server-derived rules, a rule that derives a specific VLAN takes
precedence over a rule that derives a user role that may have a VLAN configured for it.
5. The VLAN is derived from Microsoft Tunnel attributes (Tunnel-Type, Tunnel Medium Type,
and Tunnel Private Group ID). All three attributes must be present. This does not require any
server-derived rule.
6. The VLAN is derived from NETGEAR vendor-specific attributes (VSAs) for RADIUS server
authentication. This does not require any server-derived rule.
If a NETGEAR VSA is present, it overrides any previous VLAN assignment.
Wireless Client Access to the WLAN
Wireless clients communicate through a WLAN with the wired network and other wireless clients
in a WFS709TP system. There are two phases to the process by which a wireless client gains
access to a WLAN:
1. Association of the radio network interface card (NIC) in the PC with an AP, as described by
the IEEE 802.11 standard. This association allows data link (Layer 2) connectivity.
2. Authentication of the client/user before network access is allowed.
Association
APs send out beacons that contain the SSIDs of specific WLANs; the user can select the network
they want to join. Wireless clients can also send out probes to locate a WLAN within range or to
locate a specific SSID, and APs within range of the client respond. Along with the SSID, an AP
also sends out the following information:
Data rates supported by the WLAN. Clients can determine which WLAN to associate with
based on the supported data rate.
WLAN requirements for the client. For example, clients may need to use TKIP for encrypting
data transmitted on the WLAN.