MSM7xx Controllers Configuration Guide v6.4.0

ManualsBrandsHP ManualsNetwork HardwareHP 425 Wireless Dual Radio 802.11n (WW) Access Point

211

212

213

214

215

216

217

218

219

220

12 Working with VLANs

Key concepts

The controller provides a robust and flexible virtual local area network (VLAN) implementation that

supports a wide variety of scenarios.

Up to 80 VLAN definitions can be created on the controller. VLAN ranges are supported, enabling

a single definition to span a range of VLAN IDs.

The following controller features are supported on a VLAN:

• Network address translation (However, static NAT mappings are not supported.)

• Management tool access

• SNMP access

• SOAP access

• VPN traffic

• L3 mobility

• AP discovery

VLAN usage

VLANs can be used in a number of different ways to affect traffic routing on a controller and its

APs. The following is a list of the most common VLAN uses:

• Controller VSC ingress: VLANs can be used to determine how incoming traffic is mapped to

a VSC on a controller. Assigning a VLAN range enables a single VSC to handle incoming

traffic on multiple VLANs. See “VSC ingress mapping” (page 122).

• Controller VSC egress: VLANs can be used to control how traffic is forwarded onto the wired

network by a VSC on the controller. Traffic can be sent to the LAN port or Internet port, either

untagged (no VLAN), tagged with a specific VLAN ID, or distributed across a range of VLAN

IDs (using a round-robin mechanism). See “VSC egress mapping” (page 123).

• VSC binding: When an AP group is bound to a VSC, an egress VLAN can be specified. This

egress is used in several different ways to route traffic depending on the features that are

active on the VSC. For example, when Mobility traffic manager is active, this VLAN becomes

the users home network. See “Binding VSCs to groups” (page 163).

• Switch port VLANs: The switch ports on the HP 517 or MSM317 can be bound to a specific

VLAN. See the HP 517 802.11ac Unified Walljack Configuration Guide and the MSM317

Access Device Installation and Configuration Guide.

• User account profile VLAN: A VLAN can be assigned in a user account profile, enabling you

to configure VLAN usage for groups of users (“Defining account profiles” (page 357)).

• VLAN assignment via RADIUS attributes: A VLAN can be assigned in a users RADIUS account,

enabling you to customize VLANs on a per-user basis. For example, when Mobility traffic

manager support is enabled on a VSC, RADIUS VLAN attributes can be used to define a users

home network. See “User-assigned VLANs” (page 221).

• Discovery VLAN: APs can be provisioned to discover controllers on a specific VLAN. See

“Provisioning APs” (page 171).

• VLANs on a trunk: On the MSM720 VLANs can be assigned to dynamic or static trunks. See

“Port trunking” (page 70).

218 Working with VLANs