Brocade Mobility Access Point System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual

318

Brocade Mobility Access Point System Reference Guide

53-1003100-01

5

FIGURE 166

Device Overrides - Network Bridge VLAN screen

Review the following VLAN configuration parameters to determine whether an override is
warranted:

Select Add to define a new Bridge VLAN configuration, Edit to modify or override an existing Bridge
VLAN configuration or Delete to remove a VLAN configuration.

VLAN

Lists the numerical identifier defined for the Bridge VLAN when it was initially created. The
available range is from 1 - 4094. This value cannot be modified during the edit process.

Description

Lists a 64 character maximum description of the VLAN assigned when it was created or modified.
The description should be unique to the VLAN’s specific configuration and help differentiate it
from other VLANs with similar configurations.

Edge VLAN Mode

Defines whether the VLAN is currently in edge VLAN mode. An edge VLAN is the VLAN where
hosts are connected. For example, if VLAN 10 is defined with wireless clients and VLAN 20 is
where the default gateway resides, VLAN 10 should be marked as an edge VLAN and VLAN 20
shouldn’t be marked as an edge VLAN. When defining a VLAN as edge VLAN, the firewall enforces
additional checks on hosts in that VLAN. For example, a host cannot move from an edge VLAN to
another VLAN and still keep firewall flows active.

Trust ARP Response

When ARP trust is enabled, a green check mark displays. When disabled, a red “X” displays.
Trusted ARP packets are used to update the IP-MAC Table to prevent IP spoof and arp-cache
poisoning attacks.

Trust DHCP Responses

When DHCP trust is enabled, a green check mark displays. When disabled, a red “X” displays.
When enabled, DHCP packets from a DHCP server are considered trusted and permissible within
the network. DHCP packets are used to update the DHCP Snoop Table to prevent IP spoof
attacks.