Profile Overrides - Bridge VLAN

About this task

A VLAN (Virtual LAN ) is separately administrated virtual network within the same physical network. VLANs are broadcast domains defined within switches to allow control of broadcast, multicast, unicast, and unknown unicast within a Layer 2 device.
Note

Note

For information, see Bridge VLAN Configuration.

To override an access point profile's Bridge VLAN configuration:

Procedure

  1. Go to Configuration → Devices → Device Overrides.

    The Device Overrides screen displays. This screen lists devices within the managed network.

  2. Select an access point.

    The selected access point's configuration menu displays.

  3. Expand the Network node and select Bridge VLAN. The Bridge VLAN Main screen displays. This screen displays existing Bridge VLAN configurations.
    Click to expand in new window
    GUID-B006D10C-4C40-408A-A086-F62C52C1FE18-low.png
  4. Review the following VLAN configuration parameters to determine whether an update is warranted:

    VLAN

    Lists the numerical identifier defined for the Bridge VLAN when initially created. The available range is from 1 - 4095. This value cannot be modified during the edit process.

    Description

    Lists a description of the VLAN assigned when it was created or modified. The description should be unique to the VLAN's specific configuration and help differentiate it from other VLANs with similar configurations.

    Edge VLAN Mode

    Defines whether the VLAN is currently in edge VLAN mode. A green checkmark defines the VLAN as extended. An edge VLAN is the VLAN where hosts are connected. For example, if VLAN 10 is defined with wireless clients, and VLAN 20 is where the default gateway resides, VLAN 10 should be marked as an edge VLAN and VLAN 20 shouldn't. When defining a VLAN as an edge VLAN, the firewall enforces additional checks on hosts in that VLAN. For example, a host cannot move from an edge VLAN to another VLAN and still keep firewall flows active.

    Trust ARP Response

    When ARP trust is enabled, a green checkmark displays. When disabled, a red "X" displays. Trusted ARP packets are used to update the IP-MAC Table to prevent IP spoof and arp-cache poisoning attacks.

    Trust DHCP Responses

    When DHCP trust is enabled, a green checkmark displays. When disabled, a red "X" displays. When enabled, DHCP packets from a DHCP server are considered trusted and permissible. DHCP packets are used to update the DHCP Snoop Table to prevent IP spoof attacks.

  5. Select Add to define a new bridge VLAN configuration, Edit to modify an existing bridge VLAN configuration or Delete to remove a VLAN configuration.