beautypg.com

Wired switching – Brocade Mobility RFS7000-GR Controller System Reference Guide (Supporting software release 4.1.0.0-040GR and later) User Manual

Page 29

background image

Brocade Mobility RFS7000-GR Controller System Reference Guide

15

53-1001944-01

Software overview

1

Unicast From Mobile Unit – Frames are decrypted, converted from 802.11 to 802.3 and
switched to the wired side of the VLAN dynamically assigned to the mobile device. If the
destination is another mobile device on the wireless side, the frame is encrypted and switched
over the air.

Unicast To Mobile Unit – The frame is checked to ensure the VLAN is same as that assigned to
the mobile device. It is then converted to an 802.11 frame, encrypted, and sent over the air.

Multicast/Broadcast From Mobile Unit – The frame is treated as a unicast frame from the MU,
with the exception that it is encrypted with the per-VLAN broadcast key and then transmitted
over the air.

Multicast/Broadcast from Wired Side – If the frame comes from a VLAN mapped to the WLAN,
it’s encrypted using a per-VLAN broadcast key and transmitted over the air. Only MUs on that
VLAN have a broadcast key that can decrypt this frame. Other MUs receive it, but discard it.
In general, when there are multiple VLANs mapped to the same WLAN, the broadcast buffer
queue size scales linearly to accommodate a potential increase in the broadcast packet
stream.

Roaming within the switch
When a MU is assigned to a VLAN, the switch registers the VLAN assignment in its credential cache.
If the MU roams, it is assigned back to its earlier assigned VLAN. The cache is flushed upon
detected MU inactivity or if the MU associates over a different WLAN (on the same switch).

Roaming across a cluster
MUs roam amongst switch cluster members. The switch must ensure a VLAN remains unchanged
as an MU roams. This is accomplished by passing MU VLAN information across the cluster using
the interface used by a hotspot. It automatically passes the username/password across the
credential caches of the member switches. This ensures a VLAN MU association is maintained
even while the MU roams amongst cluster members.

Roaming across a Layer 3 mobility domain
When an MU roams amongst switches in different Layer 3 mobility domains, Layer 3 ensures traffic
is tunneled back to the correct VLAN (on the home switch).

Interaction with RADIUS assigned VLANs
Multiple VLANs per WLAN can co-exist with VLANs assigned by a RADIUS server. Upon association,
an MU is assigned to a VLAN from a pool of available VLANs. When the RADIUS server assigns the
user another VLAN, MU traffic is forwarded to that VLAN.

When 802.1x is used, traffic from the MU is dropped until authentication is completed. None of the
MU data is switched onto the temporarily VLAN. A RADIUS assigned VLAN overrides the statically
assigned VLAN.

If the RADIUS assigned VLAN is among the VLANs assigned to a WLAN, it is available for VLAN
assignment in the future. If the RADIUS assigned VLAN is not one of the VLANs assigned to a
WLAN, it is not available for future VLAN assignment. To configure Multiple VLANs for a single
WLAN, see

“Assigning multiple VLANs per WLAN”

on page 104.

Wired switching

The switch includes the following wired switching features:

DHCP servers

See also other documents in the category Brocade Computer Accessories: