74
DWS-1008 User’s Manual
D-Link Systems, Inc.
Configuring and Managing Ports and VLANs
the VLAN are down. However, a wireless client that is already in a VLAN whose physical
network ports go down remains in the VLAN even though the VLAN is down.
Users and VLANs
When a user successfully authenticates to the network, the user is assigned to a specific
VLAN. A user remains associated with the same VLAN throughout the user’s session on the
network.
You assign a user to a VLAN by setting one of the following attributes on the RADIUS servers
or in the local user database:
• Tunnel-Private-Group-ID - This attribute is described in RFC 2868,
RADIUS
Attributes for Tunnel Protocol Support
.
• VLAN-Name - This attribute is a D-Link vendor-specific attribute (VSA).
Specify the VLAN name, not the VLAN number. The examples in this chapter assume the
VLAN is assigned on a RADIUS server with either of the valid attributes.
VLAN Names
To create a VLAN, you must assign a name to it. VLAN names must be globally unique to ensure
the intended user connectivity as determined through authentication and authorization.
Every VLAN on a DWS-1008 switch has both a VLAN name, used for authorization purposes,
and a VLAN number. VLAN numbers can vary uniquely for each switch and are not related to
802.1Q tag values. You cannot use a number as the first character in a VLAN name.
Roaming and VLANs
The DWS-1008 switch in your network contains user’s traffic within the VLAN that the user
is assigned to. For example, if you assign a user to VLAN
red
, the switch contains the
user’s traffic within VLAN
red
configured on the switch.
Note:
You cannot configure the Tunnel-Private-Group-ID attribute in the local user database.
The switch through which a user is authenticated is not required to be a member of the VLAN
the user is assigned to. The traffic can be of any protocol type.
Traffic Forwarding