


Deploying VLANs over Wireless


The use of VLANs with WLANs is becoming more popular. Initially, VLANs were used only on the wired side, and all the APs were placed on a single VLAN. Many of the enterprise-class wireless devices today support VLANs over the RF. This enables you to place wireless devices into different VLANs, all while communicating to the same AP.

According to the IEEE, VLANs define broadcast domains in a Layer 2 network. Traditional networks use routers to define broadcast domain boundaries. Layer 2 switches create broadcast domains based on the configuration of the switch. Switches are multiport bridges that allow the creation of multiple broadcast domains. Each broadcast domain is a distinct virtual bridge within a switch.

VLANs have the same attributes as physical LANs with the additional capability to group end stations virtually to the same LAN segment regardless of the end stations' geographical locations. Figure 9-8 shows an example of two wired VLANs in logically defined networks that have been extended to the wireless.

Figure 9-8. Extending VLANs Beyond the Wire


Single or multiple VLANs can be identified within most switches. Each VLAN created in the switch defines a new broadcast domain. Switch interfaces assigned to VLANs manually are referred to as interface-based or static membership-based VLANs. This type of VLAN is often associated with IP subnetworks. For example, when all the end stations in a particular IP subnet belong to the same VLAN, traffic cannot pass directly to another VLAN (between broadcast domains) within the switch or between two switches. Traffic between VLANs must be routed.

To interconnect two different VLANs, routers or Layer 3 switches are used. These routers or Layer 3 switches execute inter-VLAN routing, or routing of traffic between VLANs. Broadcast traffic is then terminated and isolated by these Layer 3 devices. (For example, a router or Layer 3 switch will not route broadcast traffic from one VLAN to another.)

The concept of Layer 2 wired VLANs has been extended to the WLAN with wireless VLANs. As with wired VLANs, wireless VLANs define broadcast domains and segregate broadcast and multicast traffic between VLANs. When VLANs are not used, an IT administrator must install additional WLAN infrastructure to segment traffic between user groups or device groups. To segment traffic between employee and guest VLANs, for example, an IT administrator must install two APs at each location throughout an enterprise WLAN network. In the 2.4-GHz band, however, there are only three nonoverlapping channels, an obvious limitation. This limitation restricts the number of VLANs and hinders the reuse of channels.

With the use of wireless VLANs, however, you can use one AP at each location to provide access to both groups. With most enterprise wireless products today, an 802.1Q trunk can be terminated on an AP, allowing access to as many as 16 wired VLANs and possibly more.

In addition, with WLANs, you can define a per-VLAN network security policy on the AP, providing different levels of security for users on different VLANs.

Wireless VLAN deployment is different for indoor and outdoor environments. For indoor deployments, the AP is generally configured to map several wired VLANs to the WLAN. For outdoor environments, 802.1Q trunks are deployed between bridges, with each bridge terminating and extending an 802.1Q trunk and thus participating in the 802.1D-based Spanning Tree Protocol (STP) process.

Figure 9-9 shows an indoor wireless VLAN deployment scenario. Four wireless VLANs are provisioned across the campus to provide WLAN access to full-time employees (segmented into engineering, marketing, and human resources user groups) and guests.

Figure 9-9. Wireless VLAN


In the case of Figure 9-9, the SSID is used to define a wireless VLAN on the AP. Each SSID is then mapped to a VLAN ID on the wired side, with a default SSID to VLAN ID mapping. In other cases, the type of authentication or security used or even MAC addresses might be used to place certain users into specific VLANs.

If VLANs are intended as a feature for the WLAN, be certain that the routers or switches that the APs will connect to provide the necessary support.
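A consistency check for the SSID-to-VLAN mapping and the switch-side support described above, as an added example that is not part of the original article. The SSID names, VLAN IDs, authentication labels, trunk list and the `max_vlans` parameter are assumptions constructed for illustration.

```python
# Added example: audit an AP's SSID-to-VLAN plan against the switch trunk.
# Every name and value here is constructed for illustration.
from collections import defaultdict

MAX_AP_VLANS = 16  # assumed per-AP limit; the text cites "as many as 16"

def audit_ssid_vlan_plan(ssids, trunk_allowed, max_vlans=MAX_AP_VLANS):
    """Return a sorted list of findings for an SSID -> VLAN plan.

    ssids: list of dicts with keys 'ssid', 'vlan', 'auth'
    trunk_allowed: set of VLAN IDs permitted on the switch port's 802.1Q trunk
    """
    findings = []
    by_vlan = defaultdict(list)
    for s in ssids:
        vlan = s["vlan"]
        if not 1 <= vlan <= 4094:  # usable 802.1Q VLAN ID range
            findings.append(f"{s['ssid']}: VLAN {vlan} is not a valid 802.1Q ID")
            continue
        by_vlan[vlan].append(s)
        if vlan not in trunk_allowed:
            # The AP would tag frames the switch port drops or misplaces.
            findings.append(f"{s['ssid']}: VLAN {vlan} not allowed on switch trunk")
    for vlan, members in by_vlan.items():
        policies = {m["auth"] for m in members}
        if len(policies) > 1:
            # Two SSIDs with different security land in one broadcast domain,
            # so the weaker policy defines the VLAN's real protection level.
            names = ", ".join(sorted(m["ssid"] for m in members))
            findings.append(f"VLAN {vlan}: SSIDs {names} share it with different "
                            f"security policies ({', '.join(sorted(policies))})")
    if len(by_vlan) > max_vlans:
        findings.append(f"{len(by_vlan)} VLANs exceed the AP limit of {max_vlans}")
    return sorted(findings)

# Constructed plan modelled on Figure 9-9: three employee groups plus guests.
SAMPLE_PLAN = [
    {"ssid": "engineering", "vlan": 10, "auth": "802.1X"},
    {"ssid": "marketing",   "vlan": 20, "auth": "802.1X"},
    {"ssid": "hr",          "vlan": 30, "auth": "802.1X"},
    {"ssid": "guest",       "vlan": 30, "auth": "open"},    # mistake: reuses HR VLAN
    {"ssid": "lab",         "vlan": 50, "auth": "802.1X"},  # mistake: VLAN not trunked
]
SAMPLE_TRUNK = {10, 20, 30, 40}

if __name__ == "__main__":
    for line in audit_ssid_vlan_plan(SAMPLE_PLAN, SAMPLE_TRUNK):
        print(line)
```

Running it against the sample plan reports the guest SSID sharing the HR VLAN and the lab VLAN missing from the trunk; a plan with one VLAN per SSID, all allowed on the trunk, returns no findings.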

