user manual
4-8
Cisco Aironet 1200 Series Access Point Software Configuration Guide
OL-2159-05
Chapter 4 Configuring VLANs
Criteria for Deploying Wireless VLANs
Figure 4-4 RADIUS-Based VLAN Access Control
RADIUS user attributes used for VLAN ID assignment are:
• IETF 64 (Tunnel Type)—Set this to VLAN
• IETF 65 (Tunnel Medium Type)—Set this to 802
• IETF 81 (Tunnel Private Group ID)—Set this to VLAN ID
The Cisco IOS/PIX/RADIUS Attribute (009\001 cisco-av-pair) user attribute is used for SSID control.
For example, this attribute allows a user to access the WLAN using the Engineering and Marketing
SSIDs only.
Criteria for Deploying Wireless VLANs
You should evaluate the need for deploying wireless VLANs in their own environment. Cisco
recommends that you review the VLAN deployment rules and policies before considering wireless
VLAN deployment and that you use similar policies to extend wired VLANs to the wireless LAN. This
section details criteria for wireless VLAN deployment, a summary of rules for wireless LAN (WLAN)
VLAN deployment, and best practices to use on the wired infrastructure side when you deploy wireless
VLANs.
Criteria for wireless VLAN deployment are likely to be different for each scenario. The following are
the most likely criteria:
• Common resources being used by the WLAN:
–
Wired network resources, such as servers, commonly accessed by wireless users
–
QoS level needed by each application (default CoS, voice CoS, etc.)
802.1Q trunk
Management
VLAN
RADIUS
server
81663
SSID = Guest
SSID = Marketing
SSID = Engineering
Access
point/bridge
EAP-Request (user-id: John)
EAP-Success (user-id: John, VLAN-id=24)
Enterprise
network
EAP-Request (user-id: David)
EAP-Success (user-id: David, SSID=Engineering)