D-Link DWS-1008 User Manual
Users and VLANs
When a user successfully authenticates to the network, the user is assigned to a specific VLAN. A user
remains associated with the same VLAN throughout the user’s session on the network, even when
roaming from one switch to another within the network.
You assign a user to a VLAN by setting one of the following attributes on the RADIUS servers or in the
local user database:
• Tunnel-Private-Group-ID - This attribute is described in RFC 2868,
RADIUS Attributes for
Tunnel Protocol Support
.
• VLAN-Name - This attribute is a D-Link vendor-specific attribute (VSA).
Specify the VLAN name, not the VLAN number. The examples in this chapter assume the VLAN is
assigned on a RADIUS server with either of the valid attributes.
VLAN Names
To create a VLAN, you must assign a name to it. VLAN names must be globally unique across your network
to ensure the intended user connectivity as determined through authentication and authorization.
Every VLAN on a switch has both a VLAN name, used for authorization purposes, and a VLAN number.
VLAN numbers can vary uniquely for each switch and are not related to 802. 1Q tag values.
You cannot use a number as the first character in a VLAN name.
Traffic Forwarding
A switch switches traffic at Layer 2 among ports in the same VLAN. For example, suppose you configure
ports 4 and 5 to belong to VLAN 2 and ports 6 and 7 to belong to VLAN 3. As a result, traffic between
port 4 and port 5 is switched, but traffic between port 4 and port 6 is not switched and needs to be
routed by an external router.
802.1Q Tagging
The tagging capabilities of the switch are very flexible. You can assign 802.1Q tag values on a per-
VLAN, per-port basis. The same VLAN can have different tag values on different ports. In addition, the
same tag value can be used by different VLANs but on different network ports.
If you use a tag value, D-Link recommends that you use the same value as the VLAN number. MSS
does not require the VLAN number and tag value to be the same, but some other vendors’ devices do.
MSS automatically assigns tag values to Distributed APs. Each of these tag values represents a unique
combination of radio, encryption type, and VLAN. These tag values do not necessarily correspond to tag
values you configure on the VLAN ports through which the Distributed AP is connected to the switch.
Содержание DWS-1008
Страница 1: ......