Bridge VLAN General Settings

About this task

To define a bridge VLAN general configuration:

Procedure

  1. Select Add to define a new Bridge VLAN configuration, Edit to modify an existing Bridge VLAN configuration or Delete to remove a VLAN configuration.

    The General tab displays by default.

    Click to expand in new window
    GUID-F1DCB838-2A4C-4F2F-B9BE-6A77A569B1D7-low.png
  2. If adding a new Bridge VLAN configuration, use the spinner control to define a VLAN ID between 1 - 4094. This value must be defined and saved before the General tab can become enabled and the remainder of the settings defined. VLAN IDs 0 and 4095 are reserved and unavailable.
  3. Set the following general bridge VLAN parameters:

    Description

    If creating a new Bridge VLAN, provide a description (up to 64 characters) unique to the VLAN's specific configuration to help differentiate it from other VLANs with similar configurations.

    Per VLAN Firewall

    Enable this setting to provide firewall allow and deny conditions over the bridge VLAN. This setting is enabled by default.

  4. Set or override the following URL Filter parameters. Web filters are used to control the access to resources on the Internet:

    URL Filter

    Use the drop-down menu to select a URL filter to use with this Bridge VLAN.

  5. Set or override the following Application Policy parameters. Use the drop-down to select the appropriate Application Policy to use with this Bridge VLAN configuration.
  6. Set the following Extended VLAN Tunnel parameters:

    Bridging Mode

    Specify one of the following bridging modes for the VLAN.

    Automatic: Select automatic to let the controller, service platform or access point determine the best bridging mode for the VLAN.

    Local: Select Local to use local bridging mode for bridging traffic on the VLAN.

    Tunnel: Select Tunnel to use a shared tunnel for bridging traffic on the VLAN.

    isolated-tunnel: Select isolated-tunnel to use a dedicated tunnel for bridging VLAN traffic.

    IP Outbound Tunnel ACL

    Select an IP Outbound Tunnel ACL for outbound traffic from the drop-down menu. If an appropriate outbound IP ACL is not available, select the Create button to make a new one.

    MAC Outbound Tunnel ACL

    Select a MAC Outbound Tunnel ACL for outbound traffic from the drop-down menu. If an appropriate outbound MAC ACL is not available click the Create button to make a new one.

    Tunnel Over Level 2

    Select this option to allow VLAN traffic to be tunneled over level 2 links. This setting is disabled by default.

    Note

    Note

    Local and Automatic bridging modes do not work with ACLs. ACLs can only be used with tunnel or isolated-tunnel modes.

  7. Set the following Extended VLAN Tunnel Authentication settings:

    MAC Authentication

    Select to enable source MAC authentication for extended VLAN and tunneled traffic (MiNT and L2TPv3) on this bridge VLAN. When enabled, it provides fast path authentications of clients, whose captive portal session has expired. This option is disabled by default.

    Captive-Portal Authentication

    Use the drop-down menu to specify authentication mode used for extended VLAN and tunneled traffic, on this Bridge VLAN. The options are:

    None – No Authentication mode used. This is the default setting.

    Authentication Failure – Configures MAC Authentication as the primary and Captive-Portal Authentication as the fall-back authentication mode.

    Always – Configures Captive-Portal Authentication as the only mode of Authentication

    Edge VLAN Mode

    Select this option to enable edge VLAN mode. When selected, the edge controller's IP address in the VLAN is not used, and is now designated to isolate devices and prevent connectivity. This feature is enabled by default.

  8. Set the following Layer 2 Firewall parameters:

    Trust ARP Response

    Select this option to use trusted ARP packets to update the DHCP Snoop Table to prevent IP spoof and arp-cache poisoning attacks. This feature is disabled by default.

    Trust DHCP Responses

    Select this option to use DHCP packets from a DHCP server as trusted and permissible within the managed network. DHCP packets are used to update the DHCP Snoop Table to prevent IP spoof attacks. This feature is disabled by default.

    Edge VLAN Mode

    Select this option to enable edge VLAN mode. When selected, the edge controller's IP address in the VLAN is not used, and is now designated to isolate devices and prevent connectivity. This feature is enabled by default.

  9. Click the OK button to save the changes to the General tab.

    Click Reset to revert to the last saved configuration.