Working with VLANs
Traffic flow examples
In this example, the AP is bound to a non-access-controlled VSC. User A illustrates default
behavior. User B illustrates how to override the default behavior with a user-assigned VLAN.
User A does not have a VLAN assigned via RADIUS, so traffic from this user exits the
AP’s Ethernet port on the egress network (VLAN 10) defined in the VSC binding, allowing
it to reach network 1.
User B has a VLAN of 20 assigned via their RADIUS account, which overrides the egress
network defined in the VSC binding. As a result, traffic from User B is sent on the AP’s
Ethernet port tagged with VLAN 30, allowing it to reach network 2.
[Figure: traffic flow for User A and User B through the AP, switch, and controller (Port 1, LAN Port). Traffic types shown: management traffic, authentication traffic, User A traffic, User B traffic.]
Figure labels:
User A notebook: SSID=Guest
User B notebook: SSID=Guest
AP: VSC binding (VSC=Guest, Egress network=VLAN 10); Management (default settings)
Controller: VSC: Guest (VSC ingress=SSID (Guest), WPA via RADIUS); Management (default settings)
RADIUS server: User B, VLAN=20
Network 1 (VLAN 10): User gains access to resources on network 1.
Network 2 (VLAN 20): User gains access to resources on network 2.
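The selection rule described above (a VLAN from the RADIUS account overrides the egress network in the VSC binding) can be modelled as follows. This is an added example, not code from the manual or the product; it assumes the VLAN is assigned with the RFC 3580 tunnel attributes and that an invalid assignment falls back to the binding, and "User C" is a hypothetical entry.

```python
# Added example, not vendor code. Assumptions: the RADIUS account assigns the
# VLAN with the RFC 3580 tunnel attributes, and an invalid assignment falls
# back to the VSC binding. Access-Accept is modelled as a plain dict.

TUNNEL_TYPE_VLAN = 13        # Tunnel-Type value for VLAN (RFC 3580)
TUNNEL_MEDIUM_IEEE_802 = 6   # Tunnel-Medium-Type value for IEEE-802


def radius_vlan(accept):
    """Return the VLAN ID assigned in an Access-Accept, or None."""
    if accept.get("Tunnel-Type") != TUNNEL_TYPE_VLAN:
        return None
    if accept.get("Tunnel-Medium-Type") != TUNNEL_MEDIUM_IEEE_802:
        return None
    raw = str(accept.get("Tunnel-Private-Group-ID", "")).strip()
    if not (raw.isascii() and raw.isdigit()):
        return None
    vlan = int(raw)
    return vlan if 1 <= vlan <= 4094 else None  # 0 and 4095 are reserved


def egress_vlan(vsc_binding, accept):
    """Return (vlan, source): a user-assigned VLAN overrides the binding."""
    assigned = radius_vlan(accept)
    if assigned is not None:
        return assigned, "radius"
    return vsc_binding["egress_vlan"], "vsc-binding"


def users_on_default(vsc_binding, accepts):
    """List users whose traffic exits on the binding's egress network."""
    return sorted(user for user, accept in accepts.items()
                  if egress_vlan(vsc_binding, accept)[1] == "vsc-binding")


# Constructed sample data mirroring the scenario above.
VSC_BINDING = {"vsc": "Guest", "egress_vlan": 10}
ACCEPTS = {
    "User A": {},  # no VLAN in the RADIUS account
    "User B": {"Tunnel-Type": 13, "Tunnel-Medium-Type": 6,
               "Tunnel-Private-Group-ID": "20"},
    "User C": {"Tunnel-Type": 13, "Tunnel-Medium-Type": 6,
               "Tunnel-Private-Group-ID": "4095"},  # hypothetical bad entry
}

if __name__ == "__main__":
    for user, accept in ACCEPTS.items():
        print(user, egress_vlan(VSC_BINDING, accept))
    print("on default egress:", users_on_default(VSC_BINDING, ACCEPTS))
```

Listing the users that land on the default egress network is a quick way to spot accounts whose intended VLAN assignment is missing or mistyped.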