Configure Bridge VLAN General Settings

To define a bridge VLAN general configuration:

  1. Select Add to define a new Bridge VLAN configuration, Edit to modify an existing Bridge VLAN configuration or Delete to remove a VLAN configuration.

    The General tab displays by default.

  2. If adding a new Bridge VLAN configuration, use the spinner control to define a VLAN ID from 1 to 4094. This value must be defined and saved before the General tab becomes enabled and the remainder of the settings can be defined. VLAN IDs 0 and 4095 are reserved and unavailable.
  3. Set the following general bridge VLAN parameters:
    Description: If creating a new Bridge VLAN, provide a description (up to 64 characters) unique to the VLAN's specific configuration to help differentiate it from other VLANs with similar configurations.
    Per VLAN Firewall: Enable this setting to provide firewall allow and deny conditions over the bridge VLAN. This setting is enabled by default.
  4. Set or override the following URL Filter parameters. Web filters are used to control the access to resources on the Internet:
    URL Filter: Use the drop-down menu to select a URL filter to use with this Bridge VLAN.
  5. In the Application Policy section select an Application policy. Application policy enforces Application Visibility and Control (AVC) on the bridge VLAN traffic.

    Legacy WiNG 802.11ac APs, running WiNG 5.9.X or WiNG 7.2.1 OS, use a third-party DPI engine to detect top-level hosting applications along with the services these applications host. Once detected, an Application Policy can be applied to dictate how each traffic type is managed. For legacy APs, select an Application Policy. The legacy APs are: AP7522, AP7532, AP7562, AP7612, AP7632, AP7662, AP8432, AP8533.

    To create a new Application Policy, click Create and then define the policy settings. For information on creating Application policies, see Create an Application Policy.

    The 802.11ax, AP5xx model APs, running WiNG 7.1.2 or later version of the WiNG 7 OS, use Purview™ libDPI. For the 11AX APs, select a Purview Application Policy. To create a new Purview Application Policy, click Create and then define the policy settings. Refer to the WiNG 7.2.1 CLI Reference guide for information on Purview Application policy and group.

  6. Set the following Extended VLAN Tunnel parameters:
    Bridging Mode: Specify one of the following bridging modes for the VLAN.

    Automatic: Select automatic to let the controller, service platform or access point determine the best bridging mode for the VLAN.

    Local: Select Local to use local bridging mode for bridging traffic on the VLAN.

    Tunnel: Select Tunnel to use a shared tunnel for bridging traffic on the VLAN.

    isolated-tunnel: Select isolated-tunnel to use a dedicated tunnel for bridging VLAN traffic.

    IP Outbound Tunnel ACL: Select an IP Outbound Tunnel ACL for outbound traffic from the drop-down menu. If an appropriate outbound IP ACL is not available, select the Create button to make a new one.
    MAC Outbound Tunnel ACL: Select a MAC Outbound Tunnel ACL for outbound traffic from the drop-down menu. If an appropriate outbound MAC ACL is not available, click the Create button to make a new one.
    Tunnel Over Level 2: Select this option to allow VLAN traffic to be tunneled over level 2 links. This setting is disabled by default.
    Note

    Local and Automatic bridging modes do not work with ACLs. ACLs can only be used with tunnel or isolated-tunnel modes.
  7. Set the following Extended VLAN Tunnel Authentication settings:
    MAC Authentication: Select to enable source MAC authentication for extended VLAN and tunneled traffic (MiNT and L2TPv3) on this bridge VLAN. When enabled, it provides fast path authentication of clients whose captive portal session has expired. This option is disabled by default.
    Captive-Portal Authentication: Use the drop-down menu to specify the authentication mode used for extended VLAN and tunneled traffic on this Bridge VLAN. The options are:

    None – No Authentication mode used. This is the default setting.

    Authentication Failure – Configures MAC Authentication as the primary and Captive-Portal Authentication as the fall-back authentication mode.

    Always – Configures Captive-Portal Authentication as the only mode of authentication.

    Edge VLAN Mode: Select this option to enable edge VLAN mode. When selected, the edge controller's IP address in the VLAN is not used, and is now designated to isolate devices and prevent connectivity. This feature is enabled by default.
  8. Set the following Layer 2 Firewall parameters:
    Trust ARP Response: Select this option to use trusted ARP packets to update the DHCP Snoop Table to prevent IP spoof and ARP-cache poisoning attacks. This feature is disabled by default.
    Trust DHCP Responses: Select this option to use DHCP packets from a DHCP server as trusted and permissible within the managed network. DHCP packets are used to update the DHCP Snoop Table to prevent IP spoof attacks. This feature is disabled by default.
    Edge VLAN Mode: Select this option to enable edge VLAN mode. When selected, the edge controller's IP address in the VLAN is not used, and is now designated to isolate devices and prevent connectivity. This feature is enabled by default.
  9. Select the OK button to save the changes to the General tab. Select Reset to revert to the last saved configuration.
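
The constraints stated in this procedure can be checked before a change is saved. The following is an added example, not Extreme Networks code: it audits a bridge VLAN record held as a Python dict against the rules above. The field names and the two sample records are hypothetical, not WiNG CLI or API keys.

```python
# Added example. Field names are hypothetical, not WiNG CLI or API keys.
TUNNEL_MODES = {"tunnel", "isolated-tunnel"}
BRIDGING_MODES = TUNNEL_MODES | {"automatic", "local"}
CAPTIVE_PORTAL_MODES = {"none", "authentication-failure", "always"}
# Defaults exactly as the procedure states them.
DOCUMENTED_DEFAULTS = {
    "per_vlan_firewall": True,
    "tunnel_over_level2": False,
    "mac_authentication": False,
    "captive_portal_authentication": "none",
    "edge_vlan_mode": True,
    "trust_arp_response": False,
    "trust_dhcp_responses": False,
}

def audit_bridge_vlan(cfg):
    """Return (errors, notes) for one bridge VLAN record."""
    errors, notes = [], []
    vid = cfg.get("vlan_id")
    if isinstance(vid, bool) or not isinstance(vid, int) or not 1 <= vid <= 4094:
        errors.append("vlan_id must be 1-4094 (0 and 4095 are reserved)")
    if len(cfg.get("description") or "") > 64:
        errors.append("description exceeds 64 characters")
    mode = cfg.get("bridging_mode")
    if mode not in BRIDGING_MODES:
        errors.append(f"unknown bridging_mode {mode!r}")
    if cfg.get("captive_portal_authentication", "none") not in CAPTIVE_PORTAL_MODES:
        errors.append("unknown captive_portal_authentication mode")
    # Tunnel ACLs only work in tunnel or isolated-tunnel mode (see the Note).
    for key in ("ip_outbound_tunnel_acl", "mac_outbound_tunnel_acl"):
        if cfg.get(key) and mode not in TUNNEL_MODES:
            errors.append(f"{key} set but bridging_mode {mode!r} does not work with ACLs")
    # Surface every deviation from a documented default for reviewer sign-off.
    for key, default in DOCUMENTED_DEFAULTS.items():
        if key in cfg and cfg[key] != default:
            notes.append(f"{key}={cfg[key]!r} differs from documented default {default!r}")
    return errors, notes

# Constructed sample records.
GOOD = {"vlan_id": 20, "description": "Guest tunnel", "bridging_mode": "isolated-tunnel",
        "ip_outbound_tunnel_acl": "guest-out", "trust_dhcp_responses": True}
BAD = {"vlan_id": 4095, "bridging_mode": "local",
       "mac_outbound_tunnel_acl": "guest-mac-out", "per_vlan_firewall": False}

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, *audit_bridge_vlan(cfg), sep="\n  ")
```

The second record shows the case the Note describes: an outbound tunnel ACL is selected, but the VLAN is in Local mode, so the ACL is reported as not working.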