Advanced Configuration AP-700 User Guide
SSID/VLAN/Security
103
SSID/VLAN/Security
The AP provides several security features to protect your network from unauthorized access. This section gives an
overview of VLANs and then discusses the SSID/VLAN/Security configuration options in the AP:
• VLAN Overview
• Management VLAN
• Security Profile
• MAC Access
• Wireless
The AP also provides Broadcast SSID/Closed System and Rogue Scan to protect your network from unauthorized
access. See the Broadcast SSID and Closed System and Rogue Scan sections from more information.
VLAN Overview
Virtual Local Area Networks (VLANs) are logical groupings of network hosts. Defined by software settings, other VLAN
members or resources appear (to clients) to be on the same physical segment, no matter where they are attached on the
logical LAN or WAN segment. They simplify traffic flow between clients and their frequently-used or restricted resources.
VLANs now extend as far as the reach of the access point signal. Clients can be segmented into wireless sub-networks
via SSID and VLAN assignment. A Client can access the network by connecting to an AP configured to support its
assigned SSID/VLAN.
AP devices are fully VLAN-ready; however, by default VLAN support is disabled. Before enabling VLAN support, certain
network settings should be configured, and network resources such as a VLAN-aware switch, a RADIUS server, and
possibly a DHCP server should be available.
Once enabled, VLANs are used to conveniently, efficiently, and easily manage your network in the following ways:
• Manage adds, moves, and changes from a single point of contact
• Define and monitor groups
• Reduce broadcast and multicast traffic to unnecessary destinations
– Improve network performance and reduce latency
• Increase security
– Secure network restricts members to resources on their own VLAN
– Clients roam without compromising security
VLAN tagged data is collected and distributed through an AP's wireless interface(s) based on Network Name (SSID). An
Ethernet port on the access point connects a wireless cell or network to a wired backbone. The access points
communicate across a VLAN-capable switch that analyzes VLAN-tagged packet headers and directs traffic to the
appropriate ports. On the wired network, a RADIUS server authenticates traffic and a DHCP server manages IP
addresses for the VLAN(s). Resources like servers and printers may be present, and a hub may include multiple APs,
extending the network over a larger area.