The SWAN central switch deployment mode, discussed Chapter 9, can have a number of implications on how the network designer layers security in the WLAN deployment. The exact implications depend on which security frameworks (802.1x/EAP or VPN) the network designer has selected for the WLAN deployment.
In embedded security design environments, the central switch deployment primarily affects how you integrate additional security technology, such as firewalls and network intrusion detection, after the end user has accessed the WLAN. Figure 10-5 depicts how multiple WLAN VLANs are tunneled via multipoint Generic Router Encapsulation (mGRE) across access layer or distribution layer Ethernet switches to the 6500 with the Wireless LAN Services Module (WLSM).