An Ethernet Port Profile specifies how an AP manages VLAN traffic on ports configured as trunk, access, or selective trunk.

1. On the RUCKUS One web interface navigate to Network Control > Policies & Profiles > Ethernet Port Profile.
   The Ethernet Port Profile page is displayed.
2. Click Add Ethernet Port Profile.
   The Add Ethernet Port Profile page is displayed. Configure the following:

   • Profile Name: Enter a name to identify the Ethernet port profile.
   • Port Type: The Ethernet port type determines how the AP manages VLAN frames. Select any one option from the drop-down list.
     • Trunk - A trunk port carries multiple VLANs, allowing traffic from different VLANs to pass through a single physical connection between network devices.
     • Access - An access port connects a device to a single VLAN, allowing traffic only from that VLAN to pass through.
     • Selective Trunk - A Trunk port type that allows you to define VLAN members values.
   • VLAN Untag ID: Enter the ID of the native VLAN (default is 1), which is the VLAN into which untagged ingress packets are placed upon arrival. If your network uses a different VLAN from the native VLAN, configure the VLAN Untag ID of the AP Trunk port with the native VLAN used throughout your network.
   • VLAN Members: Enter the VLAN IDs that you want to use to tag WLAN traffic that will use this profile. You can enter a single VLAN ID or a VLAN ID range (or a combination of both). The valid VLAN ID range is from 1 through 4094.
     Note: This field is available only when Port Type is set to Selective Trunk.
   • 802.1X Authentication (Optional): Toggle on to enable 802.1X authentication. This setting is disabled by default. When enabled, additional fields appear; modify these as required.
   • 802.1X Role: Select the authenticator role from the menu. Depending on the selected Port Type, option include Supplicant, MAC-based Authenticator, and Port-based Authenticator. When you select Supplicant (default), you can customize the user name and password (using the Credential Type field) to authenticate as a supplicant role or use the credentials of the AP MAC address. When you select Port-based Authenticator, only a single MAC address host must be authenticated for all hosts to be granted access to the network. Additional authentication and accounting fields appear; modify these as required. If you select MAC-based Authenticator (appears only when Port Type is Access), each MAC address host is individually authenticated. Each newly learned MAC address triggers an EAPOL request-identify frame.
   • Credential Type: You can choose from Use AP MAC Address Auth (default) or Custom Auth. If you choose Custom Auth, provide the Username and Password.
   • Authentication Server:You must select an existing RADIUS server from the drop-down menu or click the Add Server option to add a RADIUS AAA server. Refer to Creating a Radius Server Profile for configuration details.
   • Use Proxy Service: Enable this option to use RUCKUS One as a proxy authentication server. This setting is disabled by default; enable as per your network requirements.This option reduces the load on the RADIUS server caused by communication with all Authenticators across multiple APs by introducing the Proxy Service. With the Proxy Service, IEEE 802.1X packets for AP ethernet ports are sent from the AP to RUCKUS One and then forwarded to the appropriate RADIUS server.
   • Use MAC auth bypass: When enabled, the port first attempts to authenticate the attached device by MAC address, and if that fails, it attempts to authenticate the device using 802.1X. This option is disabled by default.
   • Dynamic VLAN: Enable dynamic VLAN assignment if you want the controller to assign VLAN IDs on a per-user basis. The Dynamic VLAN option is only available when the Port Type is set to Access Port and 802.1X Role is set to MAC-based Authenticator.
   • Guest VLAN: A guest VLAN is used if you want to allow a device that fails authentication to access the internet but restrict it from accessing internal network resources.
3. Click Add.
   The Ethernet Port Profile is created. You can click the profile from the list to view its configuration, details as shown. You can apply an Ethernet Port Profile at the venue level or the AP level by editing the venue or AP Networking > LAN Ports configuration.