Using A Radius Server To Assign Users To Vlans - Allen-Bradley Stratix 5100 User Manual

Chapter 15 Configuring VLANs
448
• VLAN names can contain up to 32 ASCII characters. However, a VLAN
name cannot be a number between 1...4095. For example, vlan4095 is a
valid VLAN name, but 4095 is not. The access point reserves the numbers
1...4095 for VLAN IDs.
Creating a VLAN Name
Beginning in privileged EXEC mode, follow these steps to assign a name to a
VLAN:
1. Enter global configuration mode.
configure terminal
2. Assign a VLAN name to a VLAN ID. The name can contain up to 32
ASCII characters.
dot11 vlan-name name vlan vlan-id
3. Return to privileged EXEC mode.
end
4. (Optional) Save your entries in the configuration file.
copy running-config startup-config
Use the form of the command to remove the name from the VLAN. Use the
no
show dot11 vlan-name
name and ID pairs configured on the access point.

Using a RADIUS Server to Assign Users to VLANs

You can configure your RADIUS authentication server to assign users or groups
of users to a specific VLAN when they authenticate to the network.
Unicast and multicast cipher suites advertised in WPA information element (and
negotiated during 802.11 association) can potentially mismatch with the cipher
suite supported in an explicitly assigned VLAN. If the RADIUS server assigns a
new vlan ID that uses a different cipher suite from the previously negotiated
cipher suite, there is no way for the access point and client to switch back to the
new cipher suite. Currently, the WPA and CCKM protocols don't allow the
cipher suite to be changed after the initial 802.11 cipher negotiation phase. In
this scenario, the client device is disassociated from the wireless LAN.
The VLAN-mapping process consists of these steps:
1. A client device associates to the access point by using any SSID configured
on the access point.
2. The client begins RADIUS authentication.
Rockwell Automation Publication 1783-UM006A-EN-P - May 2014
privileged EXEC command to list all the VLAN