Configuring and managing ports and VLANs 105Nortel WLAN—Security Switch 2300 Series Configuration Guidemember of the VLAN. The traffic can be of any protocol type. (For more information about Mobility Domains, see“Configuring and managing Mobility Domain roaming” (page 165).)Traffic forwardingA WSS switches traffic at Layer 2 among ports in the same VLAN. For example, suppose you configure ports 4 and 5 tobelong to VLAN 2 and ports 6 and 7 to belong to VLAN 3. As a result, traffic between port 4 and port 5 is switched, buttraffic between port 4 and port 6 is not switched and needs to be routed by an external router.802.1Q taggingThe tagging capabilities of the WSS are very flexible. You can assign 802.1Q tag values on a per-VLAN, per-port basis.The same VLAN can have different tag values on different ports. In addition, the same tag value can be used by differentVLANs but on different network ports.If you use a tag value, Nortel recommends that you use the same value as the VLAN number. WSS Software does notrequire the VLAN number and tag value to be the same, but some other vendors’ devices do.WSS Software automatically assigns tag values to Distributed APs. Each of these tag values represents a unique combi-nation of radio, encryption type, and VLAN. These tag values do not necessarily correspond to tag values you configureon the VLAN ports through which the Distributed AP is connected to the WSS.Tunnel affinityWSSs configured as a Mobility Domain allow users to roam seamlessly across APs and even across WSSs. Although aswitch that is not a member of a user’s VLAN cannot directly forward traffic for the user, the switch can tunnel thetraffic to another WSS that is a member of the user’s VLAN.If the WSS that is not in the user’s VLAN has a choice of more than one other WSS through which to tunnel the user’straffic, the switch selects the other switch based on an affinity value. This is a numeric value that each WSS within aMobility Domain advertises, for each of its VLANs, to all other switches in the Mobility Domain. A switch outside theuser’s VLAN selects the other operational switch that has the highest affinity value for the user’s VLAN to forwardtraffic for the user.If more than one WSS has the highest affinity value, WSS Software randomly selects one of the switches for the tunnel.Note. Because the default VLAN (VLAN 1) might not be in the same subnet on eachswitch, Nortel recommends that you do not rename the default VLAN or use it for usertraffic. Instead, configure other VLANs for user traffic.Note. Do not assign the same VLAN multiple times using different tag values to thesame network port. Although WSS Software does not prohibit you from doing so, theconfiguration is not supported.