Specifications

tagging is performed inside the tunnel and not exposed to the switch. If you are using BlueSecure
access points you are not required to put the BSAPs or the BSC's managed interface on trunk
ports. They can be placed on access ports. This may be referred to as untagged ports on some
switches. The exception to this is the BSAP-1600. BSAP-1600s do not support EtherIP
tunneling.
3rd Party Access Points
If you are using 3rd party access points and you want to deploy multiple SSIDs assigned to
multiple managed-side VLANs, both the 3rd party access points and the BSC's managed interface
must be placed on trunk ports. This may be referred to as tagging VLANs on some switches. Here
is an example VLAN setup with the BSC, a 3rd party AP and Cisco switches.
-BSC's protected physical interface on VLAN 5. This could be the existing wired network or a DMZ.
-BSC's managed physical interface on VLAN 10. VLAN 10 is used for 3rd party AP management in
this example.
-Employee SSID assigned to managed VLAN 15
-Guest SSID assigned to managed VLAN 20
BSC's Protected Interface Switchport Configuration
switchport mode access
switchport access vlan 5
BSC's Managed Interface Switchport Configuration
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 10,15,20
switchport trunk native vlan 10
3rd Party APs Switchport Configuration
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 10,15,20
switchport trunk native vlan 10
***The physical interfaces of the BSC cannot send or receive dot1q tags; only the VLAN
interfaces can. Notice above that the protected physical interface is on an access port (untagged)
and the managed physical interface is on the native VLAN of the trunk (untagged).
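The following check is an added example, not part of the original manual: it parses Cisco IOS-style interface stanzas and reports any planned port whose untagged and tagged VLANs differ from the layout above. The interface names and the sample config are constructed assumptions; only numeric allowed-VLAN lists are parsed, and the IOS trunk defaults (native VLAN 1, every VLAN allowed when no list is configured) are applied.

```python
import re
# Port names and SAMPLE are constructed for this example; VLAN numbers are the page's.
PLAN = {  # port: (untagged vlan, tagged vlans)
    "GigabitEthernet0/10": (5, set()),      # BSC protected interface
    "GigabitEthernet0/11": (10, {15, 20}),  # BSC managed interface
    "GigabitEthernet0/12": (10, {15, 20}),  # 3rd party AP
}
SAMPLE = """\
interface GigabitEthernet0/10
 switchport mode access
 switchport access vlan 5
interface GigabitEthernet0/11
 switchport trunk allowed vlan 10,15,20
 switchport trunk native vlan 10
 switchport mode trunk
interface GigabitEthernet0/12
 switchport trunk native vlan 10
 switchport mode trunk
"""
SETTING = re.compile(r"switchport (mode|access vlan|trunk native vlan"
                     r"|trunk allowed vlan) (trunk|access|[\d,-]+)$", re.I)

def expand_vlans(spec):
    """Expand a numeric IOS vlan list such as '10,15-17' into a set of ints."""
    spans = (part.partition("-") for part in spec.split(","))
    return {v for lo, _, hi in spans for v in range(int(lo), int(hi or lo) + 1)}

def parse_interfaces(config):
    """Return {interface name: {setting: value}} from running-config text."""
    ports, cur = {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"interface (\S+)", line, re.I):
            cur = ports.setdefault(m.group(1), {})
        elif cur is not None and (m := SETTING.match(line)):
            cur[m.group(1).lower()] = m.group(2).lower()
    return ports

def effective(port):
    """Return (untagged vlan, tagged vlans); non-trunk ports are treated as access."""
    if port.get("mode") != "trunk":
        return int(port.get("access vlan", 1)), set()
    native = int(port.get("trunk native vlan", 1))  # IOS default native vlan is 1
    allowed = expand_vlans(port.get("trunk allowed vlan", "1-4094"))  # default: all
    return (native if native in allowed else None), allowed - {native}

def audit(config, plan=PLAN):
    """Return {port: (untagged, tagged)} for planned ports that deviate from the plan."""
    ports = parse_interfaces(config)
    got = {name: effective(ports.get(name, {})) for name in plan}
    return {name: val for name, val in got.items() if val != plan[name]}
```

On the constructed sample, `audit(SAMPLE)` flags only the AP port, whose trunk has no allowed-VLAN list and therefore carries every VLAN instead of just 15 and 20.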
Here is the same example VLAN setup with HP switches.
vlan 5
untagged e10
vlan 10
untagged e11,e12
vlan 15
tagged e11,e12
vlan 20