- In X460, I configure:
+ VLAN 10 and 50
+ Gateway: 172.16.10.254/24 and 172.16.50.254/24; Inter-vlan routing.
+ DHCP server for VLAN 10, 50 and enable dhcp on port 1 and 2
+ Access vlan 50 on port 2
+ Access vlan 50 and trunk vlan 10 in port 1
- In RFS 4010, I configure:
+ Profile RFS4010: VLAN 10, 50. Access vlan 50 and trunk vlan 10 on port GE1
+ Profile AP-7522: VLAN 10, 50. Access vlan 50 on GE1
+ WLAN: Test_vlan10 (vlan 10) and Test_vlan50 (vlan 50). 2 WLAN were configured in mode Tunnel
+ If PC connect WLAN: Test_vlan50 --> PC was offered IP from DHCP server (X460) with IP: 172.16.50.x/24
+ If PC connect WLAN: Test_vlan10 --> PC was not offered IP from DHCP server (X460).
Tunneling does route all traffic back to the RFS. This is necessary if you are roaming across different subnet or if yo want to monitor ALL client traffic at a single point on the network. MINT is used more for AP management.
The AAA policy can do either proxy through controller or go direct to authentication service
If you set up Access port on the AP, then the switch port should also be set up as Access. Don't mix switchport trunk and access modes. Native vlan should be the vlan for the AP. allowed vlans should include 10 and 50.
Best to get with your Extreme SE to discuss this design in detail to make sure you are clear on Tunneling and roaming, RF-Domain design and traffic shaping and monitoring points.
There are many ways to set up tunneling and traffic shaping. It is best for the originator of this question to work with their local Extreme SE to fully understand what the customer is trying to do. My config for tunneling is much different that what yours is apparently. Let's not confuse this. Best to work with local SE to determine best configuration for their network and use. We are both trying to offer our interpretation of how this person should configure this and in the end it is their decision as to how they implement correctly to match their needs. Check with the SE. It is what they do.