MSM7xx Controllers Configuration Guide v6.4.0
Example 2 Overriding the egress network in a VSC binding with a user-assigned VLAN
In this scenario, a non-access-controlled VSC is used to illustrate how a user-assigned VLAN can
override the egress network defined for a VSC binding.
Configuration summary
• APs are bound to a VSC that has Wireless mobility disabled
• VSC type: Non-access-controlled
• Egress network in VSC binding: Defined VLAN = 10
• Client data tunnel: Disabled
• User-assigned VLAN is assigned via RADIUS or local user accounts: No VLAN is assigned to
User A. A VLAN of 20 is assign to User B.
• User-assigned VLAN exists on AP or controller: Not applicable
Result:
• User A: The Egress network setting in the VSC binding is used. Traffic is sent on the APs
Ethernet port tagged with VLAN 10.
• User B: The Egress network setting in the VSC binding is ignored. Traffic is sent on the APs
Ethernet port tagged with the user-assigned VLAN (20).
RADIUS
Ser
ve
r
Networ
k
1
Untagged
User A
Notebook
-SSID=Guest
Network 1
User gains access to
resources on network 1.
Untagged
VLAN=10
AP
VSC binding
-VSC=Guest
-Egress network=VLAN 10
Management
-Default settings
Controller
VSC: Guest
-VSC ingress=SSID (Guest)
-WPA via RADIUS
Management
-Default settings
Po
rt
1
M
a
n
a
g
e
m
e
n
t
t
r
a
f
f
i
c
A
u
t
h
e
n
t
i
c
a
t
i
o
n
t
r
a
f
f
i
c
Controller
U
s
e
r
A
t
r
a
f
f
i
c
AP
Sw
itc
h
RADIUS server
User B
-VLAN=20
(VLAN
1
0)
Untagged
User B
Notebook
-SSID=Guest
U
se
r
A
U
se
r
B
Untagged
VLAN=20
Networ
k
2
(VLAN
20)
U
s
e
r
B
t
r
a
f
f
i
c
Untagged
Network 2
User gains access to
resources on network 2.
In this example, the AP is bound to an non-access-controlled VSC. User A illustrates default behavior.
User B illustrates how to override the default behavior with an user-assigned VLAN.
• User A does not have a VLAN assigned via RADIUS, so traffic from this user exits the APs
Ethernet port on the egress network (VLAN 10) defined in the VSC binding, allowing it to
reach the network 1.
228 Working with VLANs