Manualshelf

Specifications

ManualsBrandsADTRAN ManualsComputer equipmentBlueSecure Controller
321322323324325326327328329330
Appendix A:
A-4
To configure a termination VLAN properly, do
not
configure a VLAN interface on the
protected side with a VLAN ID that corresponds to a VLAN interface on the managed
side.
Initiation/Switched VLANs
With initiation or switched VLANs on the BSC, VLAN tags are added to packets exiting
the BSC on the protected side based on the user’s Role.
Knowing that each user authenticates into a Role on the BSC, you may configure Roles on
the BSC to automatically tag packets exiting the BSC with a particular VLAN ID. This
capability enables you to route traffic from particular users to particular VLANs on the
protected side.
The following figure illustrates use of an Initiation VLAN on the Bluesocket BSC.
Initiation and switched VLAN are identical except that for switched VLANs there is an
input VLAN on the managed side. This VLAN is not the same ID as the one going out the
protected side. In the case of the same VLAN ID coming in and going out, no role-based
tagging is required. See “Pass-Through VLANs” on page A-3.
)
Note: Since Roles on the BSC are made up of a set of policies governing network usage
(including network services), packets entering the BSC from a particular user may leave
with different VLAN IDs (VLAN tags) based on the network service the user is using on the
managed side at that point in time.
See “Creating a VLAN on the Protected Side (Optional)” on page 4-5 for information
about creating VLANs on the protected interface. See “Defining a Role” on page 8-4 for
information about adding VLAN tagging to Roles.
In summary, create:
VLAN interfaces on both the managed and protected sides with the same VLAN ID to
cause the VLAN traffic to pass-through the BSC
a VLAN on the managed side with no corresponding VLAN on the protected side to
terminate VLAN traffic on the BSC
VLAN interfaces on the protected side and configure VLAN tagging within a Role to
cause user traffic to initiate the VLANs from the BSC
Figure A-4: An Initiation VLAN
Power
Reset
D
I
S
K
P
W
R
WG-2100 Wireless Gateway
123456
7 8 9 101 11 2
A
B
12x
6x
8x
2x
9x
3x
10x
4x
11x
5x
7x
1x
Ethernet
A
12x
6x
8x
2x
9x
3x
10x
4x
11x
5x
7x
1x
C
MAC Frame
Untagged VLAN
Untagged VLAN
Tagged VLAN
VLAN ID N
BlueSecure
Controller
Switch
Protected
Network
Access
Point
Managed Side Protected Side
MAC Frame MAC Frame
Tag
VLAN 2
VLAN 3
User
Role