NETGEAR WNDAP360 Reference page 46

ProSafe Dual Band Wireless-N Access Point WNDAP360
Table 10. Authentication Settings of the Edit Security Profile Screen (Continued)
Field
Wireless Client Security
Separation
Dynamic VLAN
VLAN ID
Access Control
Access Control Policy
6. Click Apply to save your settings.
Description
If you enable wireless client security separation by selecting Enable from the
drop-down list, the associated wireless clients are not be able to communicate
with each other. By default, Disable is selected from the drop-down list. This
feature is intended for hotspots and other public access situations.
From the drop-down list, select how VLANs operate by making one of the
following selections:
• Disable. Disables dynamic VLANs, and enables static VLANs. This is the
default setting.
• Optional. Enables dynamic VLANs but if a RADIUS server does not return a
VLAN ID, the wireless station is still allowed to connect to the wireless access
point.
• Required. Enables dynamic VLANs. If a RADIUS server does not return a
VLAN ID, the wireless station is not authenticated and cannot connect to the
wireless access point.
For dynamic VLANs to operate (that is, the selection is Optional or Required),
the following is required:
• The hubs and switches on your LAN need to support the VLAN (802.1Q)
standard.
• The authentication is set to any RADIUS type authentication: either the
network authentication in the wireless security profile or the remote MAC
address database authentication for the MAC Authentication feature can be
used.
Enter the default VLAN ID that needs to be associated with this wireless security
profile. The default VLAN ID is 1. The VLAN ID needs to match the VLAN ID that
is used by the other devices in your network.
Note: Access control functions only when static VLANs are enabled, that is, you
select Disable from the Dynamic VLAN drop-down list.
The Access Control radio buttons let you enable or disable access control
through a RADIUS server to ensure that clients are connected to the wireless
access point through the correct VLAN.
• Disable. Access control is disabled. This is the default setting.
• Enable. Access control is enabled. Clients are authenticated through a
RADIUS server.
When access control is enabled, the access control policy lets you specify
whether or not a client can access the wireless access point when the client is
not authenticated because the VLAN ID is incorrect.
Select a radio button to enable or disable access:
• Disable. If the RADIUS server does not authenticate the client, the client is
still allowed to connect to the wireless access point through the default VLAN
(which is specified in the VLAN ID field) instead of through the VLAN to which
the client is assigned in the RADIUS server.
• Enable. If the RADIUS server does not authenticate the client, the client is not
allowed to connect to the wireless access point.
Wireless Configuration and Security
46