How Dynamic Vlan Works - AMX NXA-WAPZD1000 Operation/Reference Manual

Zonedirector smart wlan controller

Configure Tab
The NXA-WAPZD1000 will need to be rebooted after changing management VLAN settings.

8. Go to Administer > Restart, and click Restart to reboot the NXA-WAPZD1000.

When configuring or updating the management VLAN settings, make sure that the same VLAN settings are applied on the Configure > Access Points > Access Point Policies > Management VLAN page, if APs exist on the same VLAN as the NXA-WAPZD1000.

How Dynamic VLAN Works

By default, all wireless clients associated with APs managed by the NXA-WAPZD1000 are segmented into a
single VLAN (with VLAN ID 1). If you want to segment wireless clients into different VLANs (for example,
for security purposes), you can enable dynamic VLAN.
Dynamic VLAN allows the NXA-WAPZD1000 to separate wireless clients into different network segments
based on the VLAN ID that is assigned to each wireless user on the RADIUS server. As such, dynamic VLAN
is implemented on a per-user basis.
Dynamic VLAN requirements:
- A RADIUS server must have already been added to the NXA-WAPZD1000
- WLAN authentication method must be set to 802.1X/EAP
- WLAN encryption method must be set to WPA or WPA2

How Dynamic VLAN works:
1. User associates with a WLAN on which Dynamic VLAN has been enabled.
2. The AP requires the user to authenticate with the RADIUS server via the NXA-WAPZD1000.
3. When the user completes the authentication process, the NXA-WAPZD1000 sends the join approval for the user to the AP, along with the VLAN ID that has been assigned to the user on the RADIUS server.
4. User joins the AP and is segmented to the VLAN ID that has been assigned to that user.

For dynamic VLAN to work, you must configure the following RADIUS attributes for each user:
- Tunnel-Type: Set this attribute to VLAN.
- Tunnel-Medium-Type: Set this attribute to IEEE-802.
- Tunnel-Private-Group-ID: Set this attribute to the VLAN ID to which you want to segment this user.

Depending on your RADIUS setup, you may also need to include the user name or the MAC address of the wireless device that the user will be using to associate with the AP.

RADIUS user attributes related to dynamic VLAN

Attribute                  Type ID   Expected Value (Numerical)
Tunnel-Type                64        VLAN (13)
Tunnel-Medium-Type         65        802 (6)
Tunnel-Private-Group-Id    81        VLAN ID

Here is an example of the required attributes for three users as defined on FreeRADIUS:

0018ded90ef3
    User-Name = user1,
    Tunnel-Type = VLAN,
    Tunnel-Medium-Type = IEEE-802,
    Tunnel-Private-Group-ID = 0014
00242b752ec4
    User-Name = user2,
    Tunnel-Type = VLAN,
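
The following Python example is added here and is not part of the AMX manual: it decodes the three dynamic VLAN attributes as they are encoded in a RADIUS reply (RFC 2868 layout) and checks them against the type IDs and expected numeric values listed in the table. The function names, the constructed sample bytes and the 1-4094 VLAN ID range check (IEEE 802.1Q) are assumptions of this example.

```python
# Attribute type IDs and expected numeric values, from the table above.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
EXPECTED = {TUNNEL_TYPE: 13, TUNNEL_MEDIUM_TYPE: 6}  # VLAN, IEEE-802


def parse_attributes(data: bytes) -> dict:
    """Split a RADIUS attribute list (type, length, value) into a dict."""
    attrs, pos = {}, 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated attribute header")
        a_type, a_len = data[pos], data[pos + 1]
        if a_len < 2 or pos + a_len > len(data):
            raise ValueError(f"bad length for attribute {a_type}")
        attrs[a_type] = data[pos + 2:pos + a_len]
        pos += a_len
    return attrs


def dynamic_vlan_id(data: bytes) -> int:
    """Return the assigned VLAN ID, or raise ValueError if unusable."""
    attrs = parse_attributes(data)
    for a_type, want in EXPECTED.items():
        value = attrs.get(a_type)
        # RFC 2868: one tag octet followed by a 3-octet integer.
        if value is None or len(value) != 4:
            raise ValueError(f"attribute {a_type} missing or malformed")
        if int.from_bytes(value[1:], "big") != want:
            raise ValueError(f"attribute {a_type} is not {want}")
    group = attrs.get(TUNNEL_PRIVATE_GROUP_ID)
    if not group:
        raise ValueError("Tunnel-Private-Group-ID missing")
    if group[0] <= 0x1F:  # leading octet is an RFC 2868 tag, not text
        group = group[1:]
    text = group.decode("ascii", "replace")
    # Assumption: accept only 802.1Q VLAN IDs 1-4094.
    if not text.isdigit() or not 1 <= int(text) <= 4094:
        raise ValueError(f"invalid VLAN ID {text!r}")
    return int(text)


def attr(a_type: int, value: bytes) -> bytes:
    """Encode one attribute (helper for building constructed samples)."""
    return bytes([a_type, len(value) + 2]) + value


# Constructed sample: user1's attributes from the example (VLAN "0014").
SAMPLE = (attr(64, b"\x00\x00\x00\x0d") + attr(65, b"\x00\x00\x00\x06")
          + attr(81, b"0014"))
print(dynamic_vlan_id(SAMPLE))
```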