Hi folks!
The customer is using an IAP-VPN setup where the SSID VLAN (say VLAN=X) is configured to use DHCP in Centralized L2 mode; split-tunnel is not in use. This is an existing deployment and has proven to be functional. They have several IAP clusters broadcasting the SSID and sharing the same L2 network, and wireless clients have been able to connect, get an IP address and send traffic via the WLC in the DC.
The question arose what should happen if the WLC in the DC doesn't have VLAN=X configured. Should the WLC still accept VLAN=X traffic coming via the IAP-VPN tunnel and possibly forward it to other IAP-VPN tunnels?
If we think of common LAN switch functionality, the answer is no: the switch will just discard the frame since it's not aware of the existence of VLAN=X. But does the same apply to the WLC too; will it discard the frame since there's no VLAN=X configured on the WLC?
And what if the frame is a broadcast frame, for example a DHCP Discover? Will the WLC forward the frame, or just discard it?
What if we have two VLANs using Centralized L2 DHCP, say VLAN=X and VLAN=Y? Is there any difference in behaviour?
I would think not; the WLC will not forward VLAN=X frames if the WLC doesn't have a VLAN=X configuration.
Diagram below for your reference: