Additional lan subnet, On-board radius server authentication – Brocade Mobility 7131N-FGR Access Point Product Reference Guide (Supporting software release 4.0.0.0-35GRN and later) User Manual


Brocade Mobility 7131N-FGR Product Reference Guide


53-1001947-01

Feature overview


the wireless client adds the connection as a port on its bridge module. This causes the access
point (in client bridge mode) to begin forwarding configuration packets to the base bridge. An
access point in base bridge mode allows the access point radio to accept client bridge
connections.

The two bridges communicate using the Spanning Tree Protocol (STP). The spanning tree
determines the path to the root and detects if the current connection is part of a network loop with
another connection. Once the spanning tree converges, both access points begin learning which
destinations reside on which side of the network. This allows them to forward traffic intelligently.

After the access point (in client bridge mode) establishes at least one wireless connection, it will
begin beaconing and accepting wireless connections (if configured to support mobile users). If the
access point is configured as both a client bridge and a base bridge, it begins accepting client
bridge connections. In this way, the mesh network builds itself over time and distance.

Once the access point (in client bridge mode) establishes at least one wireless connection, it
establishes other wireless connections in the background as they become available. In this way,
the access point can establish simultaneous redundant links. An access point (in client bridge
mode) can establish up to 3 simultaneous wireless connections with other access points. A client
bridge always initiates the connections, and the base bridge is always the acceptor of the mesh
network data propagating through the network.

Since each access point can establish up to 3 simultaneous wireless connections, some of these
connections may be redundant. In that case, the STP algorithm determines which links are
redundant and blocks those links from forwarding.
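The following is an added example, not code from the guide or from the access point firmware. It models the behavior described above with a simplified spanning tree: it enforces the limit of 3 connections per client bridge, elects a root, and reports which redundant mesh links are blocked. The bridge names (AP1 to AP4), equal link costs, and lowest-ID root election are assumptions made for illustration.

```python
from collections import deque

MAX_CLIENT_LINKS = 3  # from the guide: a client bridge holds up to 3 links


def spanning_tree(links, max_links=MAX_CLIENT_LINKS):
    """links: (client_bridge, base_bridge) pairs; the client bridge initiates.
    Returns (root, forwarding, blocked), links as sorted tuples.
    Simplified STP (assumption): equal link cost, lowest bridge ID is root."""
    initiated, adj = {}, {}
    for client, base in links:
        initiated[client] = initiated.get(client, 0) + 1
        if initiated[client] > max_links:
            raise ValueError(f"{client} exceeds {max_links} client bridge links")
        adj.setdefault(client, set()).add(base)
        adj.setdefault(base, set()).add(client)

    root = min(adj)              # root election: lowest bridge ID wins
    cost = {root: 0}             # hop count to the root
    queue = deque([root])
    while queue:                 # breadth-first search gives least-hop cost
        node = queue.popleft()
        for nb in sorted(adj[node]):
            if nb not in cost:
                cost[nb] = cost[node] + 1
                queue.append(nb)
    if len(cost) != len(adj):
        raise ValueError("mesh is partitioned; root unreachable from some bridges")

    forwarding = set()
    for node in adj:
        if node == root:
            continue
        # Root port: the neighbor closest to the root, ties broken by lowest ID.
        parent = min(adj[node], key=lambda nb: (cost[nb], nb))
        forwarding.add(tuple(sorted((node, parent))))

    all_links = {tuple(sorted(pair)) for pair in links}
    return root, sorted(forwarding), sorted(all_links - forwarding)


# Constructed sample mesh: AP1 is a base bridge, the others are client bridges.
SAMPLE_LINKS = [("AP2", "AP1"), ("AP3", "AP1"), ("AP3", "AP2"),
                ("AP4", "AP2"), ("AP4", "AP3")]

if __name__ == "__main__":
    root, fwd, blocked = spanning_tree(SAMPLE_LINKS)
    print("root:", root)
    print("forwarding:", fwd)
    print("blocked (redundant):", blocked)
```

Comparing the blocked set against the links an access point actually reports as forwarding is a quick way to confirm that no bridging loop exists in a deployed mesh.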

For an overview of mesh networking as well as details on configuring the access point’s mesh
networking functionality, see “Configuring Mesh Networking” on page 519.

Additional LAN subnet

In a typical retail or small office environment (wherein a wireless network is available along with a
production WLAN) it is often necessary to segment a LAN into two subnets. Consequently, a second
LAN is required to “segregate” wireless traffic.

The access point has a second LAN subnet enabling administrators to segment the access point’s
LAN connection into two separate networks. The main access point LAN screen now allows the
user to select either LAN1 or LAN2 as the active LAN over the access point’s Ethernet port. Both
LANs can still be active at any given time, but only one can transmit over the access point’s
physical LAN connection. Each LAN has a separate configuration screen (called LAN 1 and LAN 2
by default) accessible under the main LAN screen. The user can rename each LAN as necessary.
Additionally, each LAN can have its own Ethernet Type Filter configuration, and subnet access
(HTTP, SSH, SNMP and telnet) configuration.

For detailed information on configuring the access point for additional LAN subnet support, see
“Configuring the LAN interface” on page 99.

On-board Radius Server authentication

The access point can function as a Radius Server to provide user database information and user
authentication. Several new screens have been added to the access point’s menu tree to configure
Radius server authentication and configure the local user database and access policies. The new
Radius Server functionality allows an administrator to define the data source, authentication type
and associate digital certificates with the authentication scheme. The LDAP screen allows the
administrator to configure an external LDAP Server for use with the access point. A new Access
