Device Configuration 5 - 269
9. If creating a new Bridge VLAN, provide a Description (up to 64 characters) unique to the VLAN’s specific configuration to
help differentiate it from other VLANs with similar configurations.
10. Select the Per VLAN Firewall option to enable the firewall on this interface. Firewalls are generally configured for all interfaces on a device. When configured, the firewall generates a large number of flow tables that store information on the traffic allowed to traverse it. These flow tables occupy a large portion of the device's limited memory, which could otherwise be used for other critical purposes. With the Per VLAN Firewall feature enabled on an interface, flow tables are generated only for that interface; they are not generated for interfaces where the feature is not enabled. This frees up memory for other purposes.
The firewall can be switched off on interfaces known to carry trusted traffic and enabled only on the interfaces that could provide an attack vector into the network.
11. Select the L2 Tunnel Broadcast Optimization option to prevent flooding of ARP packets on this bridge interface. Broadcast optimization prevents ARP packets from being flooded over the virtual interface; ARP packets are filtered based on the learned information.
12. Set or override the following Extended VLAN Tunnel parameters:
Bridging Mode: Specify one of the following bridging modes for use on the VLAN.
• Automatic: Select Automatic mode to let the controller determine the best bridging mode for the VLAN.
• Local: Select Local to use local bridging mode for bridging traffic on the VLAN.
• Tunnel: Select Tunnel to use a shared tunnel for bridging traffic on the VLAN. Tunnel must be selected to successfully create a mesh connection between two Standalone APs.
• isolated-tunnel: Select isolated-tunnel to use a dedicated tunnel for bridging traffic on the VLAN.
IP Outbound Tunnel ACL: Select an IP Outbound Tunnel ACL for outbound traffic from the drop-down menu. If an appropriate outbound IP ACL is not available, click the create button to make a new one.
MAC Outbound Tunnel ACL: Select a MAC Outbound Tunnel ACL for outbound traffic from the drop-down menu. If an appropriate outbound MAC ACL is not available, click the create button to make a new one.
NOTE: If creating a mesh connection between two access points in Standalone AP mode, Tunnel must be selected as the bridging mode to successfully create the mesh link between the two access points.
13. Select Tunnel Over Level 2 to tunnel extended VLAN traffic over level 2 links.
14. Set or override the following Layer 2 Firewall parameters:
Trust ARP Responses: Select this option to use trusted ARP packets to update the DHCP snoop table to prevent IP spoofing and ARP-cache poisoning attacks. This feature is disabled by default.
Trust DHCP Responses: Select this option to treat DHCP packets from a DHCP server as trusted and permissible within the network. DHCP packets are used to update the DHCP snoop table to prevent IP spoofing attacks. This feature is disabled by default.
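As an added illustration (not part of this guide and not the device's implementation), the following Python sketch models how a DHCP snoop table built only from trusted DHCP responses lets an ARP check flag replies whose sender IP/MAC pair does not match a learned binding. The classes, the port-trust flag and the sample addresses are constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class DhcpAck:
    """Constructed model of a DHCP server response (DHCPACK) seen on a bridge VLAN."""
    vlan: int
    client_mac: str
    yiaddr: str            # address the server assigned to the client
    from_trusted_port: bool

@dataclass(frozen=True)
class ArpPacket:
    """Constructed model of an ARP reply seen on the bridge VLAN."""
    vlan: int
    sender_mac: str
    sender_ip: str

class DhcpSnoopTable:
    """Hypothetical snoop table: (vlan, ip) -> mac, learned only from trusted DHCP responses."""
    def __init__(self):
        self.bindings = {}

    def learn(self, ack):
        # Trust DHCP Responses: only server replies from a trusted port create bindings,
        # so a rogue DHCP server on an untrusted port cannot seed the table.
        if not ack.from_trusted_port:
            return False
        self.bindings[(ack.vlan, ack.yiaddr)] = ack.client_mac.lower()
        return True

    def classify_arp(self, arp):
        # Trust ARP Responses: an ARP reply is accepted only if its sender IP/MAC pair
        # matches a snooped binding; a mismatch is treated as ARP-cache poisoning.
        bound = self.bindings.get((arp.vlan, arp.sender_ip))
        if bound is None:
            return "unknown"
        return "accept" if bound == arp.sender_mac.lower() else "drop-spoofed"

def run_sample():
    """Feed constructed packets through the table and return the verdicts."""
    table = DhcpSnoopTable()
    table.learn(DhcpAck(10, "AA:BB:CC:00:00:01", "192.0.2.10", True))
    table.learn(DhcpAck(10, "AA:BB:CC:00:00:99", "192.0.2.20", False))  # rogue server, untrusted port
    return {
        "legit": table.classify_arp(ArpPacket(10, "aa:bb:cc:00:00:01", "192.0.2.10")),
        "poison": table.classify_arp(ArpPacket(10, "de:ad:be:ef:00:01", "192.0.2.10")),
        "rogue": table.classify_arp(ArpPacket(10, "aa:bb:cc:00:00:99", "192.0.2.20")),
    }
```

The "rogue" case returns "unknown" rather than "accept" because the binding offered by the untrusted server was never learned; a real implementation would decide separately whether unknown senders are dropped or rate-limited.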