Filter
Top Products
AT-WA7500 and AT-WA7501 Installation and User’s Guide
187
Configuring
VLANs
Virtual LANs (VLANs) make it easy to create and manage logical groups of
wireless end devices that communicate as if they were on the same LAN.
You can group all wireless users on a particular VLAN in order to manage
the IP address space differently. Or, you can use VLANs to separate
secure and non-secure traffic. For example, you may grant your
employees full access to your network, while routing all traffic from visitors
to the Internet. The access points may be configured to participate in a
properly configured VLAN.
You can configure each 802.11g and 802.11a radio with up to four SSIDs,
creating up to four service sets. Each service set shares one physical
radio configuration, but you may customize its security configuration.
Therefore, each service set can be configured to support a separate
VLAN.
However, an 802.11b radio can be configured with only one SSID.
Therefore, each 802.11b radio can support only one VLAN, and you would
need multiple 802.11b radios to implement multiple VLANs.
You configure each radio (or each service set) as a master radio with a
unique SSID and security solution. Then, you distribute the SSID of the
secure network to your end devices and the SSID of the non-secure
network to your customers.
The access points support the 802.1Q standard for VLAN tagging. When
the access point receives a frame from an end device, it applies the
appropriate VLAN tag to the frame and then bridges the VLAN-tagged
frame to the wired network. If you configure the VLAN field to 1, no VLAN
tag will be applied and the frames will be put on the wired network as
normal Ethernet frames. A VLAN-capable Ethernet switch receives the
VLAN-tagged frame and routes it appropriately. Only VLAN-aware devices
understand frames with VLAN tags; end devices only understand and
accept frames that are meant for them that do not have a VLAN tag.
In order for the spanning tree to work, all access points must be on the
same Native port on the Ethernet switch. The switch must be able to
support a “hybrid” VLAN, which means the switch can support both VLAN-
tagged and normal Ethernet frames on the switch port. The access point
only encapsulates wireless traffic. Any communication with the access
point across the wired network is always normal Ethernet traffic.