You can classify wired traffic based not only on the incoming physical port but also on the VLAN associated with the port carrying traffic. For eg, say the user is connected on VLAN 10 and needs to pass traffic through wired port 1/0. If VLAN 10 on that wired port is marked as untrusted then any traffic on VLAN 10 through that port is marked as untrusted.
When you define a physical port or a VLAN associated to that port as untrusted, traffic passing through that port needs to go through a predefined access control list policy. You can set a range of VLANs as trusted or untrusted on a trunk port.
Following table lists the various port/VLAN combination to determine if the user traffic is trusted or untrusted:
Port | VLAN | Traffic Status |
Trusted | Trusted | Trusted |
Untrusted | Untrusted | Untrusted |
Untrusted | Trusted | Untrusted |
Trusted | Untrusted | Untrusted |
Environment : This article applies to all controller models and OS versions.
read more here:
http://community.arubanetworks.com/t5/Controller-Based-WLANs/How-to-configure-a-port-or-a-VLAN-to-be-trusted-or-untrusted/ta-p/187924