VLAN authorization

You can specify authorization VLANs for a WLAN client to control the client's access to network resources. When the client passes 802.1X or MAC authentication, the authentication server assigns the authorization VLAN information to the authenticator. When the device acts as the authenticator, it can resolve server-assigned VLANs of the following formats:


NOTE:

The device converts VLAN names and VLAN group names into VLAN IDs before it assigns a VLAN to the client. If the device receives a group of VLANs from the server, it selects the VLAN with the lowest ID for VLAN authorization.


The device fails VLAN authorization for a client in the following situations:

In AC hierarchical networks, the device for data forwarding and the authenticator can be different devices. For example, the central AC performs authentication and the local AC or AP forwards data traffic.

Authorization VLAN information is used to control data forwarding, so it must be assigned by the device that forwards data traffic. VLAN assignment can be local VLAN assignment or remote VLAN assignment, depending on whether the authenticator and the forwarding device are the same device.

For more information about VLANs, see Layer 2 LAN Switching Configuration Guide.