I have been planning to add VLANs to my APs and it seems pretty straight-forward. You put sub-if, bridge-groups, map SSID to VLAN and its done. The problem arrises when I try to separate the VLANs and give the secure VLAN more access than the non-secure?
The only way i know to do this is when the VLANs are on different subnets and you would create sub-if on a router interface. One sub-if member of VLAN1 the other VLAN2, with different IPs on each subinterface. Problem is the AP is only on 1 subnet, and both Vlans comming out of it would be in the same subnet! How would i proceed this way?
My setup is:
All APs are on subnet 10.1.x.x, connecting to a DMZ port on a PIX, which acts as a dhcp server and a Gateway (10.1.x.1). My network is on10.5.x.x. Is there a way to send VLAN1 to the inside interface on the PIX, and VLAN2 to the outside? After PIX OS 6.3 you can use vlans by adding logical interfaces, but i run in the same problem with not being able to put both PIX sub-if in the same subnet...
What is the normal procedure when dealing with WVLANs in your network?