MSM7xx Controllers Configuration Guide v6.4.0

Example 1 Overriding the VSC egress on a controller with a user-assigned VLAN
This example illustrates how a user-assigned VLAN can override a VSC egress setting on the
controller.
Configuration summary
APs are bound to a VSC that has Wireless mobility disabled
VSC type: Access controlled
Egress network in VSC binding: Defined VLAN = 10
Client data tunnel: Disabled
User-assigned VLAN is assigned via RADIUS or local user accounts: Assigned VLAN = 30
User-assigned VLAN exists on AP or controller: VLAN 30 is defined on the controller Internet
port
Result: Traffic is sent on the AP's Ethernet port tagged with the VLAN specified by the Egress
network in the VSC binding. The Egress network VLAN must match the ingress VLAN on the
bound VSC (or be altered by a switch between the AP and the controller to do so); otherwise,
traffic from the AP will not reach the controller. Because this is a non-access-controlled VSC,
the user-assigned VLAN applies only on the controller. Therefore, user traffic exits the controller
on the user-assigned VLAN, which overrides the VSC egress mapping (no VLAN) defined for
the VSC Guest.
[Figure: network diagram. Legend: management traffic, authentication traffic, user traffic. Labeled elements: User A notebook (SSID=Guest); AP (VSC binding: VSC=Guest, Egress network=10; Management: default settings); switch (VLAN=10); controller, Port 1 (VSC Guest: VSC ingress=VLAN 10, VSC egress=No VLAN, WPA via RADIUS; Management: default settings); RADIUS server (User A: VLAN=30); private network (VLAN=30), where the user gains access to resources on the private network.]
In this example, the egress network in the AP's VSC binding is set to 10. The AP sends user wireless
traffic to the controller on VLAN 10. This traffic is picked up by the controller's VSC with ingress
set to 10.
A VLAN of 30 is assigned to the user via their RADIUS account, which overrides the egress setting
for the VSC on the controller. As a result, the user's traffic exits the controller on VLAN 30, which
is mapped to the controller Internet port.
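Because the RADIUS-assigned VLAN overrides the VSC egress, it is worth confirming which VLAN the server actually returns for a user. The following is an added example, not taken from this guide: it assumes the VLAN is conveyed with the standard RFC 3580 tunnel attributes, and the function names and sample packet are constructed for illustration.

```python
import struct

# RADIUS attribute numbers and 3-byte values of the RFC 3580 VLAN triplet
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
VLAN, IEEE_802 = (13).to_bytes(3, "big"), (6).to_bytes(3, "big")

def iter_attributes(packet: bytes):
    """Yield (type, value) for each attribute; raise ValueError if malformed."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("length field does not match captured data")
    pos = 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        yield atype, packet[pos + 2:pos + alen]
        pos += alen

def assigned_vlan(packet: bytes):
    """Return the VLAN ID from an Access-Accept with a complete triplet, else None.
    The Response Authenticator is not verified here."""
    if len(packet) < 20 or packet[0] != 2:  # code 2 = Access-Accept
        return None
    seen = {}
    for atype, value in iter_attributes(packet):
        seen.setdefault(atype, value)  # first occurrence wins
    ttype, medium, group = (seen.get(t) for t in
                            (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID))
    # Byte 0 of each tunnel attribute is the RFC 2868 tag; the value follows it.
    if not (ttype and medium and group) or ttype[1:] != VLAN or medium[1:] != IEEE_802:
        return None
    if group[0] <= 0x1F:  # optional tag byte on Tunnel-Private-Group-ID
        group = group[1:]
    if not group.isdigit():
        return None
    vid = int(group)
    return vid if 1 <= vid <= 4094 else None

def build_packet(code: int, attrs) -> bytes:
    """Build a constructed test packet (zeroed authenticator, not a real capture)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, 1, 20 + len(body)) + bytes(16) + body

TRIPLET = [(64, b"\x00" + VLAN), (65, b"\x00" + IEEE_802), (81, b"30")]
SAMPLE_ACCEPT = build_packet(2, TRIPLET)  # constructed: User A assigned VLAN 30
```

An Access-Accept that carries only part of the triplet, or a group ID outside 1 to 4094, yields `None`, so the caller can flag accounts whose VLAN assignment would not take effect as intended.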