Advanced Configuration
VLANs now extend as far as the reach of the access point signal. Clients can be segmented into wireless
sub-networks by way of SSID and VLAN assignment. A Client can access the network by connecting to an AP
configured to support its assigned SSID/VLAN.
AP devices are fully VLAN-ready; however, by default VLAN support is disabled. Before enabling VLAN support,
certain network settings should be configured, and network resources such as a VLAN-aware switch, a RADIUS
server, and possibly a DHCP server should be available.
Once enabled, VLANs are used to conveniently, efficiently, and easily manage your network in the following ways:
– Manage adds, moves, and changes from a single point of contact
– Define and monitor groups
– Reduce broadcast and multicast traffic to unnecessary destinations
•
Improve network performance and reduce latency
– Increase security
•
Secure network restricts members to resources on their own VLAN
•
Clients roam without compromising security
VLAN tagged data is collected and distributed through an AP's wireless interface(s) based on Network Name (SSID).
An Ethernet port on the access point connects a wireless cell or network to a wired backbone. The access points
communicate across a VLAN-capable switch that analyzes VLAN-tagged packet headers and directs traffic to the
appropriate ports. On the wired network, a RADIUS server authenticates traffic and a DHCP server manages IP
addresses for the VLAN(s). Resources like servers and printers may be present, and a hub may include multiple APs,
extending the network over a larger area.
In this figure, the numbered items correspond to the following components:
1. VLAN-enabled access point
2. VLAN-aware switch (IEEE 802.1Q uplink)
3. AP management by way of wired host (SNMP, Web interface or CLI)
4. DHCP Server
5. RADIUS Server
6. VLAN 1
7. VLAN 2
Figure 4-22 Components of a typical VLAN
4-48
