The present disclosure relates to network computing. Computer networks typically include a collection of computing devices enabled to communicate with each other for handling data traffic and control instructions. For example, such devices can include servers, data centers, routers, network switches, management applications, wireless access points, and client computers. Computer networks can provide network connectivity to wired computing devices and/or wireless computing devices. Certain computer networks can provide an environment in which both wired and wireless users are supported by a same set of network switches by applying a same set of policies. Such an environment can be described as a unified network.
Computer networks can include various configurations. One such configuration, known as a local area network (LAN), provides network connectivity to a group of client computers using a single broadcast domain. In a broadcast domain, layer 2 broadcasts from one node can reach all other nodes in the domain. This group is typically small relative to other networks, and is often limited to a specific geographical area or network switch. A network switch can segment a physical LAN into multiple virtual broadcast domains or VLAN(s). The IEEE 802.1Q standard describes the concept of VLAN in detail. The virtual segmentation of communication on a same physical LAN is achieved using a VLAN specific ID tag to the layer 2 frames. The physical ports on the network switches can be configured to be members of one or more VLAN(s). A network switch forwards broadcast traffic for a VLAN only on those ports that are members of the VLAN.
A network switch can also apply policies on all traffic that flows in a VLAN. For example, the network switch can have VLAN-based access control lists to prevent users that belong to a certain VLAN from access certain networked resources. The static configuration approach in a wired network functions because wired end devices are always attached to the network via a single access port. A wireless local area network (WLAN), however, allows computing devices to move around. In this wireless scenario, the access port of a wireless device, from the point of view of a network switch, can change dynamically. Even though the access port of a wireless user can change dynamically, the VLAN and the network policies applied for the wireless client can remain independent of the port of access.