Manualshelf

CLI Reference Guide

ManualsBrandsHP ManualsSoftwareHP Wireless Switch Manager Software
181182183184185186187188189190
190 CHAPTER 5: CONFIGURING WX SYSTEM AND ADMINISTRATIVE PARAMETERS
You do not need to configure VLANs on MAP access ports or wired
authentication ports, because the VLAN membership of these types of
ports is determined dynamically through the authentication and
authorization process. Users who require authentication connect through
WX ports that are configured for MAP access points or wired
authentication access. Users are assigned to VLANs automatically through
authentication and authorization mechanisms such as 802.1X.
By default, none of a WX switch’s ports are in VLANs. A WX switch
cannot forward traffic on the network until you configure VLANs and add
network ports to those VLANs.
VLANs, IP Subnets,
and IP Addressing
Generally, VLANs are equivalent to IP subnets. If a WX is connected to the
network by only one IP subnet, the WX must have at least one VLAN
configured. Optionally, each VLAN can have its own IP address. However,
no two IP addresses on the WX switch can belong to the same IP subnet.
You must assign the system IP address to one of the VLANs, to allow
communications between WX switches and for unsolicited
communications such as SNMP notifications (traps) and RADIUS
accounting messages. Any IP address configured on a WX switch can be
used for management access unless explicitly restricted.
Users and VLANs When a user successfully authenticates to the network, the user is
assigned to a specific VLAN. A user remains associated with the same
VLAN throughout the user’s session on the network, even when roaming
from one WX switch to another within the Mobility Domain.
You assign a user to a VLAN by setting one of the following attributes on
the RADIUS servers or in the local WX user database:
Tunnel-Private-Group-ID — This attribute is described in RFC 2868,
RADIUS Attributes for Tunnel Protocol Support.
VLAN-Name — This attribute is a 3Com vendor-specific attribute
(VSA).
You cannot configure the Tunnel-Private-Group-ID attribute in the local
user database.
Specify the VLAN name, not the number. If both attributes are used, the
WX uses the VLAN name in the VLAN-Name attribute.