Configuring and managing ports and VLANs 103Nortel WLAN—Security Switch 2300 Series Configuration GuideInteroperating with Cisco Systems EtherChannelLoad-sharing port groups are interoperable with Cisco Systems EtherChannel capabilities. To configure aCisco Catalyst switch to interoperate with a Nortel WSS, use the following command on the Catalyst switch:set port channel port-list mode onConfiguring and managing VLANsUnderstanding VLANs in Nortel WSS softwareA virtual LAN (VLAN) is a Layer 2 broadcast domain that can span multiple wired or wireless LANsegments. Each VLAN is a separate logical network and, if you configure IP interfaces on the VLANs, WSSSoftware treats each VLAN as a separate IP subnet.Only network ports can be preconfigured to be members of one or more VLAN(s). You configure VLANs ona WSS’s network ports by configuring them on the switch itself. You configure a VLAN by assigning a nameand network ports to the VLAN. Optionally, you can assign VLAN tag values on individual network ports.You can configure multiple VLANs on a WSS’s network ports. Optionally, each VLAN can have an IPaddress.VLANs are not configured on AP access ports or wired authentication ports, because the VLAN membershipof these types of ports is determined dynamically through the authentication and authorization process. Userswho require authentication connect through WSS ports that are configured for APs or wired authenticationaccess. Users are assigned to VLANs automatically through authentication and authorization mechanismssuch as 802.1X.By default, none of a WSS’s ports are in VLANs. A switch cannot forward traffic on the network until youconfigure VLANs and add network ports to those VLANs.Note. The CLI commands in this chapter configure VLANs on WSS network ports. Thecommands do not configure VLAN membership for wireless or wired authentication users.To assign a user to a VLAN, configure the RADIUS Tunnel-Private-Group-ID attribute or theVLAN-Name vendor specific attribute (VSA) for that user. (For more information, see“Configuring AAA for network users” (page 467).)Note. A wireless client cannot join a VLAN if the physical network ports on the WSS inthe VLAN are down. However, a wireless client that is already in a VLAN whose physicalnetwork ports go down remains in the VLAN even though the VLAN is down.