Working with VLANs
Key concepts
7-2
Key concepts
The controller provides a robust and flexible virtual local area network (VLAN)
implementation that supports a wide variety of scenarios.
Up to 80 VLAN definitions can be created on the controller. VLAN ranges are supported,
enabling a single definition to span a range of VLAN IDs.
The following controller features are supported on a VLAN:
Network address translation (However, static NAT mappings are not supported.)
Management tool access
SNMP access
SOAP access
VPN traffic
L3 mobility
VLAN usage
VLANs can be used in a number of different ways to affect traffic routing on a controller and
its APs. The following is a list of the most common VLAN uses:
Controller VSC ingress: VLANs can be used to determine how incoming traffic is
mapped to a VSC on a controller. Assigning a VLAN range enables a single VSC to handle
incoming traffic on multiple VLANs.
Controller VSC egress: VLANs can be used to control how traffic is forwarded onto the
wired network by a VSC on the controller. Traffic can be sent to the LAN port or Internet
port, either untagged (no VLAN), tagged with a specific VLAN ID, or distributed across a
range of VLAN IDs (using a round-robin mechanism).
VSC binding: When an AP group is bound to a VSC, an egress VLAN can be specified.
This egress is used in several different ways to route traffic depending on the features
that are active on the VSC. For example, when Mobility traffic manager is active, this
VLAN becomes the user’s home network. See Traffic flow for wireless users on page 7-6.
Switch port VLANs: The switch ports on the MSM317 can be bound to a specific VLAN.
See the MSM317 Installation and Getting Started Guide.
User account profile VLAN: A VLAN can be assigned in a user account profile, enabling
you to configure VLAN usage for groups of users.
VLAN assignment via RADIUS attributes: A VLAN can be assigned in a user’s
RADIUS account, enabling you to customize VLANs on a per-user basis. For example,
when Mobility traffic manager support is enabled on a VSC, RADIUS VLAN attributes can
be used to define a user’s home network.
Discovery VLAN: APs can be provisioned to discover controllers on a specific VLAN.
See Provisioning APs on page 6-31.
To Next Page
Loading...
Need help?
General
