1-18
Motorola RF Switch Systen Reference
Limiting Users Per VLAN
Not all VLANs within a single WLAN must have the same DHCP pool size. Assign a user limit to each VLAN
to allow the mapping of different pool sizes.
Specify the VLAN user limit. This specifies the maximum number of MUs associated with a VLAN (for a
particular WLAN). When the maximum MU limit is reached, no more MUs can be assigned to that VLAN.
Packet Flows
There are four packet flows supported when the switch is configured to operate with multiple VLAN per
WLAN:
•
Unicast From Mobile Unit
– Frames are decrypted, converted from 802.11 to 802.3 and switched to the
wired side of the VLAN dynamically assigned to the mobile device. If the destination is another mobile
device on the wireless side, the frame is encrypted and switched over the air.
•
Unicast To Mobile Unit
– The frame is checked to ensure the VLAN is same as that assigned to the mobile
device. It is then converted to an 802.11 frame, encrypted, and sent over the air.
•
Multicast/Broadcast From Mobile Unit
– The frame is treated as a unicast frame from the MU, with the
exception that it is encrypted with the per-VLAN broadcast key and then transmitted over the air.
•
Multicast/Broadcast from Wired Side
– If the frame comes from a VLAN mapped to the WLAN, it’s
encrypted using a per-VLAN broadcast key and transmitted over the air. Only MUs on that VLAN have a
broadcast key that can decrypt this frame. Other MUs receive it, but discard it.
In general, when there are multiple VLANs mapped to the same WLAN, the broadcast buffer queue size
scales linearly to accommodate a potential increase in the broadcast packet stream.
Roaming within the Switch
When a MU is assigned to a VLAN, the switch registers the VLAN assignment in its credential cache. If the
MU roams, it is assigned back to its earlier assigned VLAN. The cache is flushed upon detected MU inactivity
or if the MU associates over a different WLAN (on the same switch).
Roaming across a Cluster
MUs roam amongst switch cluster members. The switch must ensure a VLAN remains unchanged as an MU
roams. This is accomplished by passing MU VLAN information across the cluster using the interface used by
a hotspot. It automatically passes the username/password across the credential caches of the member
switches. This ensures a VLAN MU association is maintained even while the MU roams amongst cluster
members.
Roaming across a Layer 3 Mobility Domain
When an MU roams amongst switches in different Layer 3 mobility domains, Layer 3 ensures traffic is
tunneled back to the correct VLAN (on the home switch).
Interaction with Radius Assigned VLANs
Multiple VLANs per WLAN can co-exist with VLANs assigned by a Radius server. Upon association, an MU
is assigned to a VLAN from a pool of available VLANs. When the Radius server assigns the user another
VLAN, MU traffic is forwarded to that VLAN.
When 802.1x is used, traffic from the MU is dropped until authentication is completed. None of the MU data
is switched onto the temporarily VLAN. A Radius assigned VLAN overrides the statically assigned VLAN.
If the Radius assigned VLAN is among the VLANs assigned to a WLAN, it is available for VLAN assignment
in the future. If the Radius assigned VLAN is not one of the VLANs assigned to a WLAN, it is not available
Summary of Contents for RFS Series
Page 1: ...M Motorola RFS Series Wireless LAN Switches WiNG System Reference Guide ...
Page 10: ...TOC 8 Motorola RF Switch System Reference Guide ...
Page 56: ...2 8 Motorola RF Switch System Reference ...
Page 334: ...5 52 Motorola RF Switch System Reference 2 Select the MU Status tab ...
Page 510: ...7 32 Motorola RF Switch System Reference Guide ...
Page 534: ...8 24 Motorola RF Switch System Reference Guide ...
Page 570: ...C 14 Motorola RF Switch System Reference Guide ...
Page 589: ......