AWK-5232
Web Console Configuration
3-23
Using Virtual LAN
Setting up Virtual LANs (VLANs) on your AWK series increases the efficiency of your network by dividing the
LAN into logical segments, as opposed to physical segments. In general, VLANs are easier to manage.
The Virtual LAN (VLAN) Concept
What is a VLAN?
A virtual LAN, commonly known as a VLAN, is a group of hosts with a common set of requirements that
communicate as if they were attached to the same broadcast domain, regardless of their physical location. A
VLAN has the same attributes as a physical LAN, but it allows for end stations to be grouped together even if
they are not located on the same network switch. Network reconfiguration can be done through software
instead of physically relocating devices.
VLANs now extend as far as the reach of the access point signal. Clients can be segmented into wireless
sub-networks via SSID and VLAN assignment. A Client can access the network by connecting to an AP
configured to support its assigned SSID/VLAN.
Benefits of VLANs
VLANs are used to conveniently, efficiently, and easily manage your network in the following ways:
•
Manage adds, moves, and changes from a single point of contact
•
Define and monitor groups
•
Reduce broadcast and multicast traffic to unnecessary destinations
•
Improve network performance and reduce latency
•
Increase security
•
Secure network restricts members to resources on their own VLAN
•
Clients roam without compromising security
VLAN Workgroups and Traffic Management
The AP assigns clients to a VLAN based on a Network Name (SSID). The AP can support up to 9 SSIDs per radio
interface, with a unique VLAN configurable per SSID.
The AP matches packets transmitted or received to a network name with the associated VLAN. Traffic received
by a VLAN is only sent on the wireless interface associated with that same VLAN. This eliminates unnecessary
traffic on the wireless LAN, conserving bandwidth and maximizing throughput.
In addition to enhancing wireless traffic management, the VLAN-capable AP supports easy assignment of
wireless users to workgroups. In a typical scenario, each user VLAN represents a department workgroup; for
example, one VLAN could be used for a marketing department and the other for a human resource department.
In this scenario, the AP would assign every packet it accepted to a VLAN. Each packet would then be identified
as marketing or human resource, depending on which wireless client received it. The AP would insert VLAN
headers or “tags” with identifiers into the packets transmitted on the wired backbone to a network switch.
Finally, the switch would be configured to route packets
from the marketing department to the appropriate
corporate resources such as printers and servers.
Packets from the human resource department could be
restricted to a gateway that allowed access to only the
Internet. A member of the human resource department
could send and receive e-mail and access the Internet,
but would be prevented from accessing servers or hosts
on the local corporate network.