34
FILTERING BY VLAN
The access point supports filtering of up to 64 VLANs (virtual local area networks).
VLAN IDs must be configured for each client on one of the RADIUS authentication
servers specified on the RADIUS configuration page. If a RADIUS server is not being
used or not setup to update the VLAN ID, then the access point will tag all ethernet
packets with the Native VLAN ID (defaulted to 1).
If a RADIUS authentication server will be used to create/modify the VLAN ID, the
following attributes must be provisioned on the RADIUS Server to be passed back to
the authenticating client:
The AP’s IP address is the RADIUS Client/Radius User
Tunnel_type (64) = VLAN (13)
Tunnel_Medium_type (65) = 802
Tunnel_Private_group_ID (81) = VLAN ID specified in Hexadecimal format.
VLAN Switch ports must be tagged ports that match the VLAN ID on the Access
Point. Associated client VLAN IDs will appear in the Syslog file in ASCII Decimal
format.
When VLAN filtering is enabled, the access point queries the server for the VLAN IDs
of associating clients and saves the VLAN IDs. If a client does not have a VLAN ID,
the access point assigns its own native VLAN ID to that client.
To enable VLAN filtering, enter a VLAN ID (a number between 1 and 4095) in the
Native VLAN ID field and select VLAN Enable.
When VLAN filtering is disabled, the access point ignores VLAN-tagged frames.
SECURITY FILTERS
These options allow you to block communication among wireless clients
(client-to-client blocking) and prevent wireless clients from performing access point
administration.
n Local Bridge Filter—Enable this filter to prevent direct communication between
wireless clients, creating a more secure wireless network.
n AP Management Filter—Enable this filter to prevent wireless clients from
accessing the access point for management; for example through TELNET or
SNMP.
