Override Bridge VLAN Configuration

About this task

A VLAN (Virtual LAN ) is separately administrated virtual network within the same physical network. VLANs are broadcast domains defined within switches to allow control of broadcast, multicast, unicast, and unknown unicast within a Layer 2 device.

To override an device profile's Bridge VLAN configuration:

Procedure

  1. Go to Configuration → Devices.
    The Device Configuration screen displays. This screen lists wireless controllers, service platforms and access points within the managed network.
  2. Select a device from the list displayed.
    The selected device's configuration screen displays.
  3. Expand the Network node and select Bridge VLAN. The Bridge VLAN Main screen displays. This screen displays existing Bridge VLAN configurations.
    Click to expand in new window
    Profile Overrides - Network - Bridge VLAN - Main Screen
  4. Review the following VLAN configuration parameters to determine whether an update is warranted:
    VLAN Lists the numerical identifier defined for the Bridge VLAN when initially created. The available range is from 1 - 4095. This value cannot be modified during the edit process.
    Description Lists a description of the VLAN assigned when it was created or modified. The description should be unique to the VLAN's specific configuration and help differentiate it from other VLANs with similar configurations.
    Edge VLAN Mode Defines whether the VLAN is currently in edge VLAN mode. A green checkmark defines the VLAN as extended. An edge VLAN is the VLAN where hosts are connected. For example, if VLAN 10 is defined with wireless clients, and VLAN 20 is where the default gateway resides, VLAN 10 should be marked as an edge VLAN and VLAN 20 shouldn't. When defining a VLAN as an edge VLAN, the firewall enforces additional checks on hosts in that VLAN. For example, a host cannot move from an edge VLAN to another VLAN and still keep firewall flows active.
    Trust ARP Response When ARP trust is enabled, a green checkmark displays. When disabled, a red "X" displays. Trusted ARP packets are used to update the IP-MAC Table to prevent IP spoof and arp-cache poisoning attacks.
    Trust DHCP Responses When DHCP trust is enabled, a green checkmark displays. When disabled, a red "X" displays. When enabled, DHCP packets from a DHCP server are considered trusted and permissible. DHCP packets are used to update the DHCP Snoop Table to prevent IP spoof attacks.
  5. Click Add to define a new bridge VLAN configuration, Edit to modify an existing bridge VLAN configuration or Delete to remove a VLAN configuration.
9036512-01 Rev AB