I have had the hardest time wrapping my head around the purpose of using BVIs.
When configuring a 871W with muliple SSIDs and multiple VLANS, config guides instruct that the wireless LAN must be "bridged" to the wired LAN using a BVI.
If I have multiple dot11radio subinterfaces asigned to their respective VLANS, shouldn't the router already know how to switch traffic between, say, wirless VLAN 20 and wired VLAN 20?
Wait, I might be answering my own question in my head...Is the BVI necessary for routing between the VLANs? Since the 871W uses a Layer 2 switch on the LAN side, unless I connect a physical cable from a trunked LAN port to the WAN interface on the 871W (in a router-on-a-stick setup), no routing between the VLANs can take place, right?
So, the BVI is set up to creat a "virtual link" to the WAN port as if the layer 2 switch were connected to a routable port on a router. Am I close on this?
Lucien is absolutely correct. Think of this: the AP, or better said, its radio interface represents one particular network interface in your router. Wired Ethernet ports are another interfaces that are physically distinct, independent and not directly interconnected in any way with each other or with the radio interface. It is simply a bunch of interfaces, each one isolated at the beginning from each other. With a separate and independent radio interface on one side and an Ethernet port on other side, you need something to bridge them to make them appear together as a single continuous LAN. That functionality is provided by the BVI virtual interface which is a software interface and provides the bridging in software. That is why you need the BVI to interconnect the wired and wireless part of your LAN, whether you use VLANs or not (they are just a way of virtualizing a single interface into several subinterfaces). Without a BVI, the wireless part of your LAN would be workable (the wireless clients could communicate with each other) but it would be separated from the wired LAN.