To define a bridge VLAN general configuration:
The General tab displays by default.
Description | If creating a new Bridge VLAN, provide a description (up to 64 characters) unique to the VLAN's specific configuration to help differentiate it from other VLANs with similar configurations. |
Per VLAN Firewall | Enable this setting to provide firewall allow and deny conditions over the bridge VLAN. This setting is enabled by default. |
URL Filter | Use the drop-down menu to select a URL filter to use with this Bridge VLAN. |
Legacy WiNG 802.11ac APs, running WiNG 5.9.X or WiNG 7.2.1 OS, use a third-party DPI engine to detect top-level hosting applications along with the services these applications host. Once detected, an Application Policy can be applied to dictate how each traffic type is managed. For legacy APs, select an Application Policy. The legacy APs are: AP7522, AP7532, AP7562, AP7612, AP7632, AP7662, AP8432, AP8533.
To create a new Application Policy, click Create and then define the policy settings. For information on creating Application Policies, see Create an Application Policy.
The 802.11ax AP5xx model APs, running WiNG 7.1.2 or a later version of the WiNG 7 OS, use Purview™ libDPI. For the 11AX APs, select a Purview Application Policy. To create a new Purview Application Policy, click Create and then define the policy settings. Refer to the WiNG 7.2.1 CLI Reference guide for information on Purview Application Policy.
Bridging Mode | Specify one of the following bridging modes for the VLAN. Automatic: Select automatic to let the controller, service platform or access point determine the best bridging mode for the VLAN. Local: Select Local to use local bridging mode for bridging traffic on the VLAN. Tunnel: Select Tunnel to use a shared tunnel for bridging traffic on the VLAN. isolated-tunnel: Select isolated-tunnel to use a dedicated tunnel for bridging VLAN traffic. |
IP Outbound Tunnel ACL | Select an IP Outbound Tunnel ACL for outbound traffic from the drop-down menu. If an appropriate outbound IP ACL is not available, select the Create button to make a new one. |
MAC Outbound Tunnel ACL | Select a MAC Outbound Tunnel ACL for outbound traffic from the drop-down menu. If an appropriate outbound MAC ACL is not available, select the Create button to make a new one. |
Tunnel Over Level 2 | Select this option to allow VLAN traffic to be tunneled over level 2 links. This setting is disabled by default. |
Note
Local and Automatic bridging modes do not work with ACLs. ACLs can only be used with tunnel or isolated-tunnel modes.
MAC Authentication | Select to enable source MAC authentication for extended VLAN and tunneled traffic (MiNT and L2TPv3) on this bridge VLAN. When enabled, it provides fast-path authentication of clients whose captive portal session has expired. This option is disabled by default. |
Captive-Portal Authentication | Use the drop-down menu to specify the authentication mode used for extended VLAN and tunneled traffic on this Bridge VLAN. The options are: None – No Authentication mode used. This is the default setting. Authentication Failure – Configures MAC Authentication as the primary and Captive-Portal Authentication as the fall-back authentication mode. Always – Configures Captive-Portal Authentication as the only mode of Authentication. |
Edge VLAN Mode | Select this option to enable edge VLAN mode. When selected, the edge controller's IP address in the VLAN is not used, and is now designated to isolate devices and prevent connectivity. This feature is enabled by default. |
Trust ARP Response | Select this option to use trusted ARP packets to update the DHCP Snoop Table to prevent IP spoofing and ARP cache poisoning attacks. This feature is disabled by default. |
Trust DHCP Responses | Select this option to treat DHCP packets from a DHCP server as trusted and permissible within the managed network. DHCP packets are used to update the DHCP Snoop Table to prevent IP spoofing attacks. This feature is disabled by default. |
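The settings above can be checked offline before a bridge VLAN is deployed. The following is an added example, not WiNG code or an Extreme Networks tool: it audits bridge VLAN settings held as Python dictionaries and reports tunnel ACLs that the selected bridging mode does not apply, a disabled Per VLAN Firewall, and enabled trust options. The dictionary keys, ACL names and sample VLANs are assumptions made for illustration and do not reflect a WiNG export format.

```python
# Added example. Field names are hypothetical, not a WiNG schema.
# Per the note in the table, ACLs work only in these bridging modes.
ACL_CAPABLE_MODES = {"tunnel", "isolated-tunnel"}
ACL_FIELDS = ("ip_outbound_tunnel_acl", "mac_outbound_tunnel_acl")
TRUST_FIELDS = ("trust_arp_response", "trust_dhcp_responses")


def audit_bridge_vlan(vlan):
    """Return a list of finding strings for one bridge VLAN dictionary."""
    findings = []
    mode = vlan.get("bridging_mode", "").lower()
    # An ACL selected under Local or Automatic bridging is silently unused.
    for field in ACL_FIELDS:
        acl = vlan.get(field)
        if acl and mode not in ACL_CAPABLE_MODES:
            findings.append(
                f"{field}={acl!r} is not applied in {mode or 'unset'} bridging mode"
            )
    # Per VLAN Firewall is enabled by default, so only an explicit False counts.
    if vlan.get("per_vlan_firewall", True) is False:
        findings.append("per_vlan_firewall disabled: no allow/deny conditions")
    # Both trust options are disabled by default; list them for review when on.
    for field in TRUST_FIELDS:
        if vlan.get(field, False):
            findings.append(f"{field} enabled: these packets update the DHCP Snoop Table")
    return findings


def audit_all(vlans):
    """Map each VLAN id to its findings."""
    return {v["id"]: audit_bridge_vlan(v) for v in vlans}


# Constructed sample input (not taken from a real deployment).
SAMPLE_VLANS = [
    {"id": 10, "bridging_mode": "Local", "ip_outbound_tunnel_acl": "guest-out"},
    {"id": 20, "bridging_mode": "isolated-tunnel",
     "mac_outbound_tunnel_acl": "mac-out", "per_vlan_firewall": False},
    {"id": 30, "bridging_mode": "Tunnel",
     "ip_outbound_tunnel_acl": "corp-out", "trust_dhcp_responses": True},
]

if __name__ == "__main__":
    for vlan_id, findings in audit_all(SAMPLE_VLANS).items():
        for finding in findings:
            print(f"VLAN {vlan_id}: {finding}")
```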