724-746-5500 | blackbox.com
Page 150
724-746-5500 | blackbox.com
Chapter 9: Common Configuration Examples
The SmartPath AP Update Results page appears so that you can monitor the progress of the upload procedure. When complete,
“100%” appears in the Upload Rate column and “Successful” appears in the Update Result column.
Check that the VLANs are being applied properly:
In the Upload and Activate Configuration dialog box, click the host name of a SmartPath AP at Branch Office 1, and then select
View Configuration. Notice the VLAN ID that appears in the View Configuration-clusterap_name window that pops up:
user-profile name vlan-id 10
Close the Configuration Details window, and then click the host name of a SmartPath AP at Branch Office 2. The VLAN ID for
the same user profile is 20:
user-profile name vlan-id 20
If you click the host name for a SmartPath AP at Branch Office 3, you can see that its VLAN ID is 30:
user-profile name vlan-id 30
Make sure that all the SmartPath APs in the list at the bottom of Upload and Activate Configuration page are selected, and then
click Upload.
VMware PCoIP and CItrix ICA
With both PCoIP (PC-over-IP) and Citrix ICA (Independent Computing Architecture) desktop virtualization protocols now
predefined as services, you can quickly create firewall rules to allow or block these two services.
9.6 Example 6: Multiple Default Routes
Multiple Default Routes: You can configure multiple Layer 2 routes based on the VLAN ID of a user so that the SmartPath AP can
route Layer 2 traffic through different Ethernet interfaces as appropriate. This allows, for example, a guest user on a corporate
network segment to access a more appropriate segment for routing to the Internet while the SmartPath AP forwards traffic from
an employee on a different VLAN through a different Ethernet interface.
Multiple Default Routes
SmartPath APs with two Ethernet ports can now support multiple default routes based on the VLAN of the traffic. With this
feature configured, you can easily tunnel guest traffic from a SmartPath AP on a private network to a SmartPath AP in the DMZ.
The SmartPath AP in the DMZ terminates the tunnel and forwards it out eth1—properly tagged with the correct VLAN—to the
public network. For corporate traffic, the SmartPath AP applies a different VLAN tag and forwards it out eth0 to the corporate
network. To do this, the SmartPath AP that bridges the two subnets must meet the following requirements:
• The SmartPath AP must have two Ethernet ports.
• The SmartPath AP must have the eth1 port in backhaul mode.
• The Ethernet ports must not be set as an aggregate or redundant pair.
If your guest (public) network is on a separate subnet from your corporate (private) network, guests who connect through
SmartPath APs on your corporate subnet can be easily redirected to the public network using a SmartPath AP as an intermediary
to bridge the two disparate subnets. This intermediary SmartPath AP connects to your corporate subnet using its eth0 interface,
and to your public subnet using its eth1 interface. You configure eth0 to use the corporate VLAN by default, and eth1 to use the
public VLAN by default.