Working with VLANs
Traffic flow examples
Egress network in VSC binding: Defined VLAN = 10
Client data tunnel: Disabled
User-assigned VLAN is assigned via RADIUS or local user accounts: Assigned VLAN = 30
User-assigned VLAN exists on AP or controller: VLAN 30 is defined on the controller’s Internet port
Result: Traffic is sent on the AP’s Ethernet port tagged with the VLAN specified by the
Egress network in the VSC binding. The Egress network VLAN must match the ingress
VLAN on the bound VSC (or be altered by a switch between the AP and the controller to
do so); otherwise, traffic from the AP will not reach the controller. Because this is a
non-access-controlled VSC, the user-assigned VLAN applies only on the controller. Therefore,
user traffic exits the controller on the user-assigned VLAN, which overrides the VSC
egress mapping (no VLAN) defined for the VSC Guest.
In this example, the egress network in the AP’s VSC binding is set to 10. The AP sends user
wireless traffic to the controller on VLAN 10. This traffic is picked up by the controller’s VSC
with ingress set to 10.
A VLAN of 30 is assigned to the user via their RADIUS account, which overrides the egress
setting for the VSC on the controller. As a result, the user’s traffic exits the controller on
VLAN 30, which is mapped to the controller’s Internet port.
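The tag handling described above can be checked with a small model. This is an added example, not code from the product or its documentation; the class, field and function names are hypothetical, and it covers only the case on this page (client data tunnel disabled, non-access-controlled VSC).

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Scenario:
    """Constructed model of the settings in this example (names are hypothetical)."""
    binding_egress_vlan: int            # Egress network in the AP's VSC binding
    vsc_ingress_vlan: int               # VSC ingress on the controller
    vsc_egress_vlan: Optional[int]      # VSC egress on the controller; None = No VLAN
    user_vlan: Optional[int] = None     # user-assigned VLAN (RADIUS or local account)
    controller_vlans: dict = field(default_factory=dict)  # VLAN ID -> controller port
    switch_rewrite: dict = field(default_factory=dict)    # tag changes made by a switch


def trace_user_traffic(s: Scenario) -> dict:
    """Follow user traffic from the AP to the controller's egress (tunnel disabled,
    non-access-controlled VSC, as in the example above)."""
    ap_tag = s.binding_egress_vlan  # AP tags traffic with the binding's egress network
    arriving = s.switch_rewrite.get(ap_tag, ap_tag)  # a switch may alter the tag
    result = {"ap_tag": ap_tag, "arriving_tag": arriving,
              "reaches_controller": arriving == s.vsc_ingress_vlan,
              "egress_vlan": None, "egress_port": None}
    if not result["reaches_controller"]:
        return result  # no VSC ingress matches: traffic never reaches the controller
    if s.user_vlan is None:
        result["egress_vlan"] = s.vsc_egress_vlan  # VSC egress mapping applies
    elif s.user_vlan in s.controller_vlans:
        result["egress_vlan"] = s.user_vlan  # user-assigned VLAN overrides VSC egress
    else:
        # The page only describes the case where the VLAN exists on the controller.
        raise ValueError(f"VLAN {s.user_vlan} is not defined on the controller")
    result["egress_port"] = s.controller_vlans.get(result["egress_vlan"])
    return result


# Constructed input mirroring the example: binding egress 10, ingress 10, user VLAN 30.
PAGE_EXAMPLE = Scenario(10, 10, None, user_vlan=30,
                        controller_vlans={30: "Internet port"})

if __name__ == "__main__":
    print(trace_user_traffic(PAGE_EXAMPLE))
    # Mismatched binding: the AP tags with VLAN 20 but the VSC ingress is 10.
    print(trace_user_traffic(Scenario(20, 10, None, user_vlan=30,
                                      controller_vlans={30: "Internet port"})))
```

Running the same trace against each AP binding in a deployment plan shows which bindings would leave traffic stranded before the controller and which VLAN each user's traffic finally exits on.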
[Figure: traffic flow for User A, showing user traffic, management traffic and authentication traffic between the AP, switch, controller (LAN port, Internet port, Port 1), RADIUS server and private network. User A notebook: SSID=Guest, untagged. AP VSC binding: VSC=Guest, Egress network=10; AP management: default settings. Controller VSC Guest: VSC ingress=VLAN 10, VSC egress=No VLAN, WPA via RADIUS; controller management: default settings. RADIUS server: User A, VLAN=30. Link labels: Untagged, VLAN=10, VLAN=30, Untagged (VLAN 30). User gains access to resources on the private network.]