Access point - VLAN configuration

Hi friends,

I just a basic question on installation of Access points on a network with VLAN configured. The setup is like this:

There are three floors in a building, where PC's are connected to a switch on every floor and all these switches are converged to a Layer 3 switch where VLAN is configured. There are 5-6 VLAN's configured on the switch. These VLAN's are based project-wise / client-wise.

Now if I have 1-2 access points connected to a switch on every floor to provide access to wireless users (who are supposed to have restricted access as they are part of the VLAN too), then what would happen if any of these wireless users go from one floor to the other? Will they get access to another VLAN by just doing a physical walk through?

Please suggest on some tips to install Access points in such a VLAN scenario.

Thanks a lot Gautam

Reply to
gautamzone
Loading thread data ...

The wireless users will be in the same VLAN as the Access Point. There are also access points that can broadcast multiple SSIDs and put the user into different VLANs on SSID basis. I know Funkwerk is building such APs.

Thomas

Reply to
Thomas Krüger

if you want a user to be able to roam between APs then they generally need to be part of the same IP subnet.

the easiest way if you have such an infrastructure is to define a new VLAN which is just for wireless across the set of switches where you need to connect APs - it should really be dedicated to wireless devices.

you imply that the wireless subnet is restricted in some way - if so, you should isolate the subnet from the rest of the network (ie. not make it "just another subnet" on the central switch) and connect by your favorite tools - traffic filters, VLAN server, proxy, firewall or whatever.

Dont forget to secure the management access to the APs as well.

the cisco range of APs support multiple SSIDs at the same time, with different parameters such as WEP / WPA settings per SSID, and connecting each SSID back to a separate 802.1Q VLAN - this allows you to have an internal wireless network with "guest" access for example over the same wireless infrastructure.

just be aware these things cost more money and need more care and attention to set them up.

Reply to
stephen

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.