Wireless Design Guide

Elisity supports several design options for policy enforcement on wireless traffic.

Tunneled/CAPWAP

In this design, wireless access points are connected to our access layer Policy Enforcement Point. The AP sends encapsulated (tunneled) traffic to the Wireless LAN Controller. Traffic to the local network is then decapsulated at the WLAN controller, and the Aggregation Layer Policy Enforcement Point (Virtual Edge Node) gleans traffic data and enforces policy. Your access switch can also serve as a Policy Enforcement Point for any assets connected locally.

Note: If intra-VLAN traffic is configured to be locally routed on the AP, it never reaches the switch, and there is no way to enforce policy for this AP-local traffic. Most WLAN providers offer built-in functionality to enforce policy on wireless-to-wireless traffic.

Local Trunk to Access Switch

In this design, access points are connected via a trunk port to an Access Layer switch onboarded as a Policy Enforcement Point. We see wireless traffic on the switch and are able to enforce inter-VLAN policy for this traffic.

You can also create policy to lock down which APs can talk to which WLAN controllers, and which protocols are permitted.

Note: If intra-VLAN traffic is configured to be locally routed on the AP, it never reaches the switch, and there is no way to enforce policy for this AP-local traffic. Most WLAN providers offer built-in functionality to enforce policy on wireless-to-wireless traffic.

Cloud Wireless

In this design, your access points are connected directly to a Virtual Edge Node for policy enforcement. In practice, this behaves no differently from a local wireless controller. Traffic from the AP through the switch is not CAPWAP-encapsulated or otherwise tunneled, which makes the data collected by our Virtual Edge Node usable and enables policy enforcement directly at the access layer.

Note: If intra-VLAN traffic is configured to be locally routed on the AP, it never reaches the switch, and there is no way to enforce policy for this AP-local traffic. Most WLAN providers offer built-in functionality to enforce policy on wireless-to-wireless traffic.
