Configures VLAN Ethernet bridging parameters. Use this command to configure bridge NAT or bridge VLAN settings.
Configuring bridge NAT (Network Address Translation) parameters allows management of Internet traffic originating at a remote site. In addition to traditional NAT functionality, bridge NAT provides a means of configuring NAT for bridged traffic through an access point. NAT rules are applied to bridged traffic through the access point, and matching packets are NATed to the WAN link instead of being bridged on their way to the router. Using bridge NAT, a tunneled VLAN (extended VLAN) is created between the NOC and a remote location. When a remote client needs to access the Internet, Internet traffic is routed to the NOC, and from there routed to the Internet. This increases the access time for the end user on the client. To resolve latency issues, bridge NAT identifies and segregates traffic heading towards the NOC and outwards towards the Internet. Traffic towards the NOC is allowed over the secure tunnel. Traffic towards the Internet is switched to a local WLAN link with access to the Internet.
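The split described above can be modelled to check which flows leave the secure tunnel. This is an added example, not vendor code: the data structures, the first-match ACL evaluation, the lowest-precedence-first ordering, and the sample networks are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class AclRule:
    action: str  # assumed: "permit" = NAT locally, "deny" = keep bridged
    src: str     # source network (CIDR)
    dst: str     # destination network (CIDR)

@dataclass(frozen=True)
class BridgeNatRule:
    precedence: int  # 1-500, as in the command syntax
    acl: tuple       # ordered AclRule entries of the attached IP access list
    interface: str   # interface the matching traffic is NATed to

def acl_verdict(acl, src, dst):
    """First matching entry decides; None means the list has no opinion."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in acl:
        if s in ipaddress.ip_network(rule.src) and d in ipaddress.ip_network(rule.dst):
            return rule.action
    return None

def classify(rules, src, dst):
    """('nat', interface) for local breakout, ('bridge', None) for the tunnel."""
    for r in sorted(rules, key=lambda r: r.precedence):
        if not 1 <= r.precedence <= 500:
            raise ValueError(f"precedence {r.precedence} outside 1-500")
        verdict = acl_verdict(r.acl, src, dst)
        if verdict == "permit":
            return ("nat", r.interface)
        if verdict == "deny":
            return ("bridge", None)
    return ("bridge", None)  # unmatched traffic stays bridged

def audit_noc_leak(rules, client_ip, noc_hosts):
    """NOC destinations that would be NATed locally instead of tunnelled."""
    return [h for h in noc_hosts if classify(rules, client_ip, h)[0] == "nat"]

# Constructed sample data: client subnet, NOC range, and two ACL orderings.
CLIENTS, NOC_NET, ANY = "192.168.50.0/24", "10.0.0.0/8", "0.0.0.0/0"
GOOD_RULES = [BridgeNatRule(10, (AclRule("deny", CLIENTS, NOC_NET),
                                 AclRule("permit", CLIENTS, ANY)), "pppoe1")]
# Misordered list: the broad permit shadows the NOC exclusion.
BAD_RULES = [BridgeNatRule(10, (AclRule("permit", CLIENTS, ANY),
                                AclRule("deny", CLIENTS, NOC_NET)), "pppoe1")]
```

Running `audit_noc_leak` over a list of known NOC addresses before committing an ACL change shows whether a broad permit entry would divert tunnel-bound traffic to the local link.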
A VLAN (Virtual LAN) is a separately administered virtual network within the same physical managed network. VLANs are broadcast domains defined within wireless controllers or service platforms to allow control of broadcast, multicast, unicast, and unknown unicast within a layer 2 device. Administrators often need to route traffic between different VLANs. Bridging VLANs are only for non-routable traffic, like tagged VLAN frames destined to some other device, which will untag them. When a data frame is received on a port, the VLAN bridge determines the associated VLAN based on the port of reception. Using forwarding database information, the bridge VLAN forwards the data frame on the appropriate port(s). VLANs are useful for setting up separate networks to isolate some computers from others, without actually having to have separate cabling and Ethernet switches. Controllers can do this on their own, without the computer or other gear needing to know which VLAN it is on (this is called port-based VLAN, since it is assigned by port of the switch). Another common use is to put specialized devices like VoIP phones on a separate network for easier configuration, administration, security, or service quality.
bridge [nat|vlan]
bridge nat source list <IP-ACCESS-LIST-NAME> precedence <1-500> interface [<LAYER3-INTERFACE-NAME>|pppoe1|vlan <1-4094>|wwan1] [(address|interface|overload|pool <NAT-POOL-NAME>)]
bridge vlan [<1-4094>|<VLAN-ALIAS-NAME>]
bridge nat source list <IP-ACCESS-LIST-NAME> precedence <1-500> interface [<LAYER3-INTERFACE-NAME>|pppoe1|vlan <1-4094>|wwan1] [(address|interface|overload|pool <NAT-POOL-NAME>)]
nat | Configures bridge NAT parameters |
source | Configures NAT source addresses |
list <IP-ACCESS-LIST-NAME> precedence <1-500> | Associates an access control list (ACL) with this bridge NAT policy. The ACL specifies the IP address permit/deny rules applicable to this bridge NAT policy. |
interface [<LAYER3-INTERFACE-NAME>|pppoe1|vlan <1-4094>|wwan1] | Selects one of the following as the primary interface (between the source and destination points): |
[(address|interface|overload|pool <NAT-POOL-NAME>)] | The following keywords are recursive and common to all interface types: |
bridge vlan [<1-4094>|<VLAN-ALIAS-NAME>]
vlan <1-4094> | Specifies the numerical identifier assigned to the bridge VLAN when it was initially created. |
vlan <VLAN-ALIAS-NAME> | Specifies the VLAN alias identifying the bridge VLAN. The alias must already exist and be configured. |
Creating customized filter schemes for bridged networks limits the amount of unnecessary traffic processed and distributed by the bridging equipment.
If a bridge does not hear Bridge Protocol Data Units (BPDUs) from the root bridge within the interval defined by the max-age (seconds) parameter, it assumes the network has changed and recomputes the spanning-tree topology.
nx9500-6C8809(config-profile-default-ap505)#bridge vlan 1
nx9500-6C8809(config-profile default-ap505-bridge-vlan-1)#?
Bridge VLAN Mode commands:
  bridging-mode                              Configure how packets on this VLAN are bridged
  captive-portal                             Captive Portal
  captive-portal-enforcement                 Enable captive-portal enforcement on this bridge VLAN
  description                                Vlan description
  edge-vlan                                  Enable edge-VLAN mode
  firewall                                   Enable vlan firewall(IPv4)
  http-analyze                               Forward URL and Data to controller
  ip                                         Internet Protocol (IP)
  ipv6                                       Internet Protocol version 6 (IPv6)
  l2-tunnel-broadcast-optimization           Enable broadcast optimization
  l2-tunnel-forward-additional-packet-types  Forward additional packet types not normally forwarded by l2 broadcast optimization
  mac-auth                                   Enable mac-auth for this bridge vlan
  name                                       Vlan name
  no                                         Negate a command or set its defaults
  registration                               Enable dynamic registration of device (or) user
  stateful-packet-inspection-l2              Enable stateful packet inspection in layer2 firewall
  tunnel                                     Vlan tunneling settings
  tunnel-over-level2                         Tunnel extended VLAN traffic over level 2 MiNT links
  use                                        Set setting to use

  clrscr                                     Clears the display screen
  commit                                     Commit all changes made in this session
  do                                         Run commands from Exec mode
  end                                        End current mode and change to EXEC mode
  exit                                       End current mode and down to previous mode
  help                                       Description of the interactive help system
  revert                                     Revert changes
  service                                    Service Commands
  show                                       Show running system information
  write                                      Write running configuration to memory or terminal

nx9500-6C8809(config-profile default-ap505-bridge-vlan-1)#