User's Manual
Table Of Contents
- Contents
- 1 Deploying the M220
- 2 Using Quick setup
- 3 Managing the M220
- 4 Working with wireless communities and authentication
- 5 Wireless configuration
- 6 Creating WDS links
- 7 Configuring Ethernet, IP, and VLAN settings
- 8 Clustering multiple M220s
- 9 Maintenance
- 10 Tools
- 11 Support and other resources
VLAN configuration 77
• The Employee wireless community is configured with VLAN 10. All employee traffic exits
the M220 on VLAN 10, providing access to the company file server, shared printer, and
the Internet.
• The Guest wireless community is configured with VLAN 20. All traffic from the Guest
community exits the M220 on VLAN20, providing access to the shared printer and the
Internet.
VLAN assignment via RADIUS
VLANs can also be assigned on a per-user basis by setting VLAN attributes in a user’s RADIUS
account. To use this option, you need to do the following:
• Configure a wireless community with Security method set to WPA Enterprise or
IEEE802.1X. For configuration details, see Wireless protection on page 35.
• Configure a RADIUS server information for the selected security type.
• On the RADIUS server, configure user accounts with the appropriate VLAN attributes.
Note When a VLAN is defined in a user’s RADIUS account, it always overrides the VLAN defined for
a wireless community. This enables you to define an VLAN setting for a community and then
override it on a per-user basis as required.
RADIUS-assigned VLANs are created and deleted dynamically as clients associate and
disassociate with the M220. When the first client assigned by RADIUS to a particular VLAN
authenticates with the M220, the M220 creates the VLAN. When the last client using that
VLAN disassociates, the VLAN is deleted from the M220. The maximum number of dynamic
VLANs is equal to the maximum number of configurable clients on the AP.
Example
In the following scenario, RADIUS user accounts are configured to assign employees to
different VLANs depending on the workgroup to which an employee belongs:
VLAN 20
Guest #1
Guest #2
RADIUS server
DHCP server
No VLAN
Employee
Wireless community
VLAN = 20
R&D
Employee
VLAN = 10
Accounting
Employee
VLAN = 15
Guest
Wireless community
VLAN = 20
Guest #1
Guest #2
R&D
le server
VLAN 10
VLAN 15
Accounting
le server
Shared
printer
RADIUS server
DHCP server
Switch
VLAN 10, 15, 20
No VLAN
M220
VLAN 10, 15, 20
M220
#3
VLAN 20