I have a question regarding user traffic policies. I know how to create and apply them; this is just more me wondering how they work. I have an SSID that is not configured to tunnel back to the controller (SmartZone 100). My APs are on trunks that carry all the VLANs for the different VLAN pools. I can create a traffic policy and apply it to a user role and it works. I thought that would only work if I was tunneling the traffic to the controller and that any restrictions would have to be on the network level through ACLs.
Hey John, all the UTP actions are performed on the AP so that you can enforce consistent policies on both tunneled and non-tunneled WLANs. In role-based policy scenarios, if you are using the SZ to centralize the authentication process (i.e. SZ is AAA/RADIUS/NAS Client), then the role is resolved on the SZ and sent to the AP for policy mapping. Otherwise, the AP does this locally.