Wireless Access

  • 1.  Use case for Bridge, Tunnel, and Split-Tunnel

    Posted Jul 14, 2020 09:16 AM

    Hello, I know what bridge, tunnel, and split-tunnel do, but I don't know when to use each of them. Can anyone give me a real-life use case example?

    Thank you.



  • 2.  RE: Use case for Bridge, Tunnel, and Split-Tunnel

    Posted Jul 14, 2020 09:39 AM

    Tunnel: When you want all of the traffic to be centralized / terminate in a particular part of your network. For example, all of the user traffic must traverse a firewall or IDS/IPS before entering the internal network.

    Bridge: When you have user VLANs that are not located at your controllers, but need to use them for a particular use case. Or also when the APs are located at another site, and you want to keep the WAN bandwidth down between your sites.

    Split tunnel: Picking which one of the above scenarios works for a particular User Role, WLAN, or AP System.



  • 3.  RE: Use case for Bridge, Tunnel, and Split-Tunnel

    Posted Jul 14, 2020 12:50 PM

    Hi,

    In addition to what Dustin said, please note that split-tunnel is only available when the AP is provisioned as a RAP. One real use case is if you have RAPs at remote sites but you have a centralized captive portal at HQ. You want only authentication traffic to go to HQ while you want the traffic to be bridged locally. Similarly, you might want only traffic going to the corporate network to go via the tunnel while you want local traffic or internet traffic to be bridged locally.

    Tunnel mode is usually the recommended mode. Traffic is directly tunneled from the AP to the controller. You don't need the user VLANs to be available at the access layer. You will be able to benefit from all the features of the controller, including PEF, AppRF, WEBCC, etc.

    Bridge mode is the least recommended option. You use it when you really need to bridge traffic locally without sending it to the controller. One real use case is the wired ports of the hospitality APs. Usually, you connect IP phones or IP TVs to the wired ports and you don't need to send all the traffic to the controller. You want to bridge the traffic locally on the AP. Note this means that the switch port where the AP is connected must have the associated VLAN (usually configured as a trunk port).
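
The trade-off described in this thread, as an added example that is not part of any post and is not ArubaOS syntax: a small model of the three forwarding modes that lists which client flows are bridged locally and therefore never reach the firewall or IDS/IPS behind the controller. The policy format, the prefixes, the sample flows and the default for unmatched traffic are all assumptions made up for illustration.

```python
import ipaddress

# Constructed split-tunnel policy for a remote AP: ordered rules, first match wins.
# Prefixes are illustrative assumptions, not values from the thread.
SPLIT_POLICY = [
    ("10.0.0.0/8", "tunnel"),       # corporate network and HQ captive portal
    ("192.168.50.0/24", "bridge"),  # devices on the remote site's own LAN
    ("0.0.0.0/0", "bridge"),        # internet traffic breaks out locally
]

# Constructed sample destinations for one wireless client.
SAMPLE_FLOWS = ["10.20.30.40", "192.168.50.10", "93.184.216.34"]


def forward_action(mode, dst_ip, policy=SPLIT_POLICY):
    """Return 'tunnel' or 'bridge' for a single client flow."""
    if mode in ("tunnel", "bridge"):
        return mode  # the whole WLAN is forwarded one way
    if mode != "split-tunnel":
        raise ValueError(f"unknown forwarding mode: {mode}")
    dst = ipaddress.ip_address(dst_ip)
    for prefix, action in policy:
        if dst in ipaddress.ip_network(prefix):
            return action
    # Assumption: unmatched traffic is sent to the controller so that it is
    # still inspected centrally.
    return "tunnel"


def uninspected_flows(mode, flows, policy=SPLIT_POLICY):
    """Destinations that leave at the AP and bypass controller-side inspection."""
    return [dst for dst in flows if forward_action(mode, dst, policy) == "bridge"]


if __name__ == "__main__":
    for mode in ("tunnel", "split-tunnel", "bridge"):
        print(f"{mode:13} bypasses central inspection: "
              f"{uninspected_flows(mode, SAMPLE_FLOWS)}")
```

Rule order matters in this model: moving the catch-all rule to the top would bridge corporate traffic as well, so an ordered policy like this is worth reviewing the same way as a firewall rule set.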