Wireless Access

I understand these options should not be enabled for bridged ssids.

What is not clear to me is the recommended settings for split-tunnel.

Particularly interested in guest split-tunnel where all traffic for authenticated users is 'route src-nat'.

It doesn't really mean anything for bridged SSIDs.  It also does not mean anything for split-tunneled SSIDs.  Having it enabled does not really do anything.

Thanks.  Good to know.

Has that changed recently, cause I know in the past having 'broadcast-filter arp' enabled on a bridged ssid caused things to break?

Not that I know of.  Those knobs are really processed at the controller;  bridged SSIDs traffic is processed at the AP.

From the CLI guide it says,

 

Do not enable this option for virtual APs configured in bridge forwarding mode.  This configuration parameter is only intended for use for virual APs in tunnel mode. In tunnel mode, all packets travel to the controller, so the controller is able to convert ARP requests directed to the broadcast address into unicast. When a virtual AP is configured to use bridge forwarding mode, most data traffic stays local to the AP, and the controller is not able to convert that broadcast traffic.

 

In the past this means that if you enable that on a bridged ssid, things break.  Devices connect then after a while disappear from the network, until you reboot them.  If that parameter is overridden or ignored when the ssid is set to bridged, that is good.

 

 

 

You should do what the user guide says....

but the guide doesn't say what to do for split-tunnel.

Why don't you try it and tell us.  I have not seen a problem either way.

 

Michael_Clarke,
I have it enabled on split-tunnel and doesn't break anything for 2 very large customers, no issues.