Filter
Top Products
Working with VSCs
VSC data flow
Access control enabled
VSC on controlled AP
Ingress
The AP only handles wireless traffic. The SSID is the name of the wireless network with
which the user associates.
Features
Wireless security filters: Enables the AP to block traffic unless it is addressed to a
specific destination, such as the service controller. See Wireless security filters on
page 2-13.
Wireless MAC filter: Enables the AP to only allow wireless-to-wired LAN traffic for
specific wireless-user MAC addresses.
Wireless IP filter: Enables the AP to only allow wireless-to-wired LAN traffic for
specific wireless-user IP addresses.
Egress
Bridged onto port 1+2 (untagged): Untagged user and authentication traffic is
bridged onto ports 1 and 2.
Bridged onto port 1 (VLAN): VLAN tagged traffic is bridged onto port 1 only. VLAN
tags can be assigned on a per-user basis via RADIUS attributes (see Defining account
profiles on page 7-11), or for all traffic on a VSC (see Defining VLANs on page 3-28).
Client data tunnel: When this option is enabled, the AP creates a data tunnel to the
service controller to carry all user traffic. See Client data tunnel on page 2-10.
VSC on service controller
Ingress
SSID (Client data tunnel): When a client data tunnel has been created between the AP
and the service controller, all user traffic comes in on it. See Client data tunnel on
page 2-10. The tunnel is established using same interface on which the AP was
discovered. (LAN or Internet port).
SSID (LAN port): SSID is retrieved using the location-aware function.
VLAN (LAN or Internet port): Traffic with a VLAN ID is handled by the VSC with a
matching VLAN definition. See Using multiple VSCs on page 2-24.
Untagged (LAN port): Untagged traffic on the LAN port may originate from wired
users, or MSM APs operating in autonomous mode.
2-22