User guide
Overview of the SCALANCE WLC711 Solution
SCALANCE WLC711 and Your Network
SCALANCE WLC711
User Guide, V8.11, 07/2012, C79000-G8976-C260-03 1-11
VNS Components
The distinct constituent high-level configurable umbrella elements of a VNS are:
• Topology
• Policy
• Classes of Service
• WLAN Service
Topology
Topologies represent the networks with which the SCALANCE IWLAN Controller and its APs
interact. The main configurable attributes of a topology are:
• Name - a string of alphanumeric characters designated by the administrator.
• VLAN ID - the VLAN identifier as specified in the IEEE 802.1Q definition.
• VLAN tagging options.
• Port of presence for the topology on the SCALANCE IWLAN Controller. (This attribute is not
required for Routed and Bridged at AP topologies.)
• Interface. This attribute is the IP (L3) address assigned to the SCALANCE IWLAN Controller
on the network described by the topology. (Optional.)
• Type. This attribute describes how traffic is forwarded on the topology. Options are:
– “Physical” - the topology is the native topology of a data plane and it represents the actual
Ethernet ports
– “Management” - the native topology of the SCALANCE IWLAN Controller management
port
– “Routed” - the controller is the routing gateway for the routed topology.
– “Bridged at Controller” - the user traffic is bridged (in the L2 sense) between wireless
clients and the core network infrastructure.
– “Bridged at AP” - the user traffic is bridged locally at the AP without being redirected to
the SCALANCE IWLAN Controller.
• Exception Filters. Specifies which traffic has access to the SCALANCE IWLAN Controller
from the wireless clients or the infrastructure network.
• Certificates.
• Multicast filters. Defines the multicast groups that are allowed on a specific topology segment.
Policy
A Policy is a collection of attributes and rules that determine actions taken user traffic accesses the
wired network through the WLAN service (associated to the WLAN Service's SSID). Depending
upon its type, a VNS can have between one and three Authorization Policies associated with it:
1. Default non-authorized policy — This is a mandatory policy that covers all traffic from
stations that have not authenticated. At the administrator's discretion the default non-
authorized policy can be applied to the traffic of authenticated stations as well.