June 30, 2006
Confidential
Document Number BDTM10001-A05 Standard
BelAir100 User Guide
Layer 2 Network Configuration
There are no CLI commands for the BelAir100 bridge functions.
Note: Clients that associate with the BelAir100 are not allowed to operate as
a bridge. This is to prevent issues associated with network loops. The
BelAir100 will automatically disassociate without warning from any
client that is detected as behaving as a bridge; that is, sending
spanning-tree BPDUs. However, clients are allowed to operate as
router to allow features such as sharing a wireless Internet connection.
For this type of operation, BelAir Networks recommends that the
computer with the wireless connection to the BelAir100 have its
operating system configured to act as a router. For example, Microsoft
Windows XP offers the
Internet Sharing
function.
Using Virtual
LANs
A virtual LAN (VLAN) refers to a group of devices that communicate with each
other as if they were on the same physical LAN. VLANs have the following
benefits:
• You can control traffic by excluding broadcast traffic from the VLAN, and
including only those devices that must communicate with each other
• You can provide security by forcing traffic between VLANs through a routing
device.
For the BelAir100, an unlimited number of VLANs can be created for client
traffic. Up to four management VLANs can be configured. VLANs can be
implemented based on client SSID, as described in “Managing Access Radio
CAUTION!
Before assigning client SSID traffic to a VLAN on a BelAir100, you must
configure a BelAir200 VLAN subsystem with the same VLAN ID as specified on
the BelAir100. All traffic from the specified client is discarded by the BelAir200
if the mapped VLAN is not previously configured.
Data packets from the client are tagged for the appropriate VLAN by the access
radio. If the client traffic is bridged to a port with a backhaul radio that sends
the traffic to a BelAir200, then the BelAir200 segregates the traffic onto the
appropriate VLAN based on the tag. If the client traffic is bridged to the LPM
port, then the LPM sends the traffic onto the Ethernet connection without
removing the tag. This is different than the case of the BelAir200, where you
can choose to have the tag removed before the traffic is sent onto the Ethernet
connection.