Filter
Top Products
Working with controlled APs
Defining VLANs
3-29
Each time a VSC is bound to a group, you have the option of assigning a VLAN ID to be used
for egress traffic sent by all APs in the group. For example, if VSC 1 and VSC 2 are both bound
to the Default Group, the egress traffic for each VSC could be tagged with a different VLAN to
segregate the traffic.
Note If an access-controlled VSC is bound to a group, the VLAN must match the ingress VLAN on
the VSC (or be altered by a switch between the AP and the service controller to do so.).
Dynamic VLANs
When a dynamic VLAN is assigned to a user, it overrides the egress VLAN set here as follows:
If the group is bound to an access-controlled VSC, the dynamic VLAN applies on the
service controller and overrides the VSC egress mapping on the bound VSC.
For example, if Use egress VLAN is set to 10, the AP sends traffic to the service
controller on VLAN 10. This traffic is picked up by the VSC with Ingress set to 10. Now if
a dynamic VLAN of 30 is assigned to the user, then the egress traffic on this VSC for the
user occurs on VLAN 30 (regardless of the egress setting for the VSC). So user traffic
exits the service controller on VLAN 30.
Private
network
Port 1
LAN Port
M
a
n
a
g
e
m
e
n
t
t
r
a
f
f
i
c
M
a
n
a
g
e
m
e
n
t
t
r
a
f
f
i
c
A
u
t
h
e
n
t
i
c
a
t
i
o
n
t
r
a
f
f
i
c
Service
controller
Switch
User A
U
s
e
r
t
r
a
f
f
i
c
Internet Port
AP
Untagged
User A
Notebook
-Wireless
Untagged
VLAN=10
Untagged
AP
VSC binding
-Egress VLAN=10
Management
-Default settings
Service controller
VSC Guest
-VSC ingress=VLAN 10
-VSC egress=No VLAN
Management
-Default settings
Private network
User gains access to
resources on protected
network.
VLAN=30
Local user list: User A
-VLAN ID=30